From 7e8bef6bfd79c01fc4a952d8ba66c1c8964a83d7 Mon Sep 17 00:00:00 2001 From: Duan Jiong Date: Mon, 13 Jul 2020 14:04:41 +0800 Subject: [PATCH] modify the field networkIsolate in workspace Signed-off-by: Duan Jiong --- pkg/apis/tenant/v1alpha1/workspace_types.go | 2 +- .../tenant/v1alpha1/zz_generated.deepcopy.go | 7 ++++++- .../tenant/v1alpha2/zz_generated.deepcopy.go | 2 +- .../nsnetworkpolicy_controller.go | 17 ++++++++++++----- .../nsnetworkpolicy/nsnetworkpolicy_test.go | 19 +++++++++++++++++++ 5 files changed, 39 insertions(+), 8 deletions(-) diff --git a/pkg/apis/tenant/v1alpha1/workspace_types.go b/pkg/apis/tenant/v1alpha1/workspace_types.go index a77d7df85..dfb9af43c 100644 --- a/pkg/apis/tenant/v1alpha1/workspace_types.go +++ b/pkg/apis/tenant/v1alpha1/workspace_types.go @@ -33,7 +33,7 @@ const ( // WorkspaceSpec defines the desired state of Workspace type WorkspaceSpec struct { Manager string `json:"manager,omitempty"` - NetworkIsolation bool `json:"networkIsolation,omitempty"` + NetworkIsolation *bool `json:"networkIsolation,omitempty"` } // WorkspaceStatus defines the observed state of Workspace diff --git a/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go index 08f7c8006..393122d0b 100644 --- a/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/tenant/v1alpha1/zz_generated.deepcopy.go @@ -29,7 +29,7 @@ func (in *Workspace) DeepCopyInto(out *Workspace) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) out.Status = in.Status } 
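Review bot: The `NetworkIsolation *bool` field in `WorkspaceSpec` carries no comment saying what an unset (nil) value means, even though nil and `false` are now distinct states. The helper `workspaceNetworkIsolationEnabled` added later in this patch treats nil as disabled, so a workspace that omits the field gets no workspace-level isolation; that default belongs on the API type where users of the CRD will read it. Suggested comment: `// NetworkIsolation enables workspace network isolation; nil (unset) is treated as disabled by the nsnetworkpolicy controller.` Any other reader of `Spec.NetworkIsolation` that is not part of this patch would need the same nil check before dereferencing.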
@@ -86,6 +86,11 @@ func (in *WorkspaceList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WorkspaceSpec) DeepCopyInto(out *WorkspaceSpec) { *out = *in + if in.NetworkIsolation != nil { + in, out := &in.NetworkIsolation, &out.NetworkIsolation + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkspaceSpec. diff --git a/pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go index 6cc1c4c13..0c1ae363b 100644 --- a/pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/tenant/v1alpha2/zz_generated.deepcopy.go @@ -146,7 +146,7 @@ func (in *Placement) DeepCopy() *Placement { func (in *Template) DeepCopyInto(out *Template) { *out = *in in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - out.Spec = in.Spec + in.Spec.DeepCopyInto(&out.Spec) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Template. diff --git a/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_controller.go b/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_controller.go index 17e7ba8ab..ea4e3aedd 100644 --- a/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_controller.go +++ b/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_controller.go @@ -384,8 +384,8 @@ func (c *NSNetworkPolicyController) addNamespace(obj interface{}) { c.nsEnqueue(ns) } -func isNetworkIsolateEnabled(ns *corev1.Namespace) bool { - if ns.Annotations[NamespaceNPAnnotationKey] == NamespaceNPAnnotationEnabled { +func namespaceNetworkIsolateEnabled(ns *corev1.Namespace) bool { + if ns.Annotations != nil && ns.Annotations[NamespaceNPAnnotationKey] == NamespaceNPAnnotationEnabled { return true } 
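Review bot: The added `ns.Annotations != nil &&` guard in `namespaceNetworkIsolateEnabled` is unnecessary, because indexing a nil map in Go returns the zero value and the original comparison was already safe for a namespace without annotations. The condition can stay as `ns.Annotations[NamespaceNPAnnotationKey] == NamespaceNPAnnotationEnabled`. Since this function decides whether a namespace is isolated, a one-line doc comment naming the annotation it reads would help more than the guard. The function body continues past the end of the hunk, so its remaining branches are not visible here.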
@@ -429,9 +429,9 @@ func (c *NSNetworkPolicyController) syncNs(key string) error { matchWorkspace := false delete := false nsnpList, err := c.informer.Lister().NamespaceNetworkPolicies(ns.Name).List(labels.Everything()) - if isNetworkIsolateEnabled(ns) { + if namespaceNetworkIsolateEnabled(ns) { matchWorkspace = false - } else if wksp.Spec.NetworkIsolation { + } else if workspaceNetworkIsolationEnabled(wksp) { matchWorkspace = true } else { delete = true @@ -573,6 +573,13 @@ func (c *NSNetworkPolicyController) processNSNPWorkItem() bool { return true } +func workspaceNetworkIsolationEnabled(wksp *workspacev1alpha1.Workspace) bool { + if wksp.Spec.NetworkIsolation != nil && *wksp.Spec.NetworkIsolation { + return true + } + return false +} + // NewnamespacenpController returns a controller which manages NSNSP objects. func NewNSNetworkPolicyController( client kubernetes.Interface, @@ -607,7 +614,7 @@ func NewNSNetworkPolicyController( UpdateFunc: func(oldObj, newObj interface{}) { old := oldObj.(*workspacev1alpha1.Workspace) new := newObj.(*workspacev1alpha1.Workspace) - if old.Spec.NetworkIsolation == new.Spec.NetworkIsolation { + if workspaceNetworkIsolationEnabled(old) == workspaceNetworkIsolationEnabled(new) { return } controller.addWorkspace(newObj) diff --git a/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_test.go b/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_test.go index 9de28bccc..899218f15 100644 --- a/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_test.go +++ b/pkg/controller/network/nsnetworkpolicy/nsnetworkpolicy_test.go 
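Review bot: `workspaceNetworkIsolationEnabled` is where an unset `Spec.NetworkIsolation` gets mapped to "disabled", and it has no doc comment recording that decision. In `syncNs` a false result, with the namespace annotation not enabled, falls through to `delete = true`, which presumably removes the namespace's isolation policies (the rest of `syncNs` is outside the hunk). That makes nil a fail-open default worth stating explicitly. Suggested comment: `// workspaceNetworkIsolationEnabled reports whether the workspace explicitly enables network isolation; a nil field counts as disabled.` The body can also be reduced to `return wksp.Spec.NetworkIsolation != nil && *wksp.Spec.NetworkIsolation`.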
@@ -134,6 +134,25 @@ var _ = Describe("Nsnetworkpolicy", func() { go c.Start(stopCh) }) + It("test func namespaceNetworkIsolateEnabled", func() { + ns := &corev1.Namespace{} + Expect(namespaceNetworkIsolateEnabled(ns)).To(BeFalse()) + ns.Annotations = make(map[string]string) + Expect(namespaceNetworkIsolateEnabled(ns)).To(BeFalse()) + ns.Annotations[NamespaceNPAnnotationKey] = NamespaceNPAnnotationEnabled + Expect(namespaceNetworkIsolateEnabled(ns)).To(BeTrue()) + }) + + It("test func workspaceNetworkIsolationEnabled", func() { + value := false + wksp := &wkspv1alpha1.Workspace{} + Expect(workspaceNetworkIsolationEnabled(wksp)).To(BeFalse()) + wksp.Spec.NetworkIsolation = &value + Expect(workspaceNetworkIsolationEnabled(wksp)).To(BeFalse()) + value = true + Expect(workspaceNetworkIsolationEnabled(wksp)).To(BeTrue()) + }) + It("Should create ns networkisolate np correctly in workspace", func() { objSrt := fmt.Sprintf(workspaceNP, "testns", constants.WorkspaceLabelKey, "testworkspace") obj := &netv1.NetworkPolicy{}
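Review bot: The spec for `workspaceNetworkIsolationEnabled` reaches its true case by assigning `value = true` after `&value` was stored in the workspace, which only works through pointer aliasing and is easy to misread as a test that never changes the workspace. A short comment such as `// wksp.Spec.NetworkIsolation still points at value`, or a separate `enabled := true` assigned explicitly, would make the intent clear. Both new specs cover only the helpers. Nothing in this hunk exercises the sync path for a workspace whose field is nil, which is the case the pointer type introduces. The enclosing `Describe` starts and ends outside the hunk.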