hendrik/lens
1
0
Fork 0
mirror of https://github.com/lensapp/lens.git synced 2025-05-20 05:10:56 +00:00
Code Issues Projects Releases Wiki Activity

Fix NetworkPolicy engresses not having node/pod selectors displayed (#4467)

Browse Source
This commit is contained in:
Sebastian Malton 2021-12-01 08:08:26 -05:00 committed by GitHub
parent cd2f5094dc
commit 4257fce2f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 274 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/common/k8s-api/endpoints/daemon-set.api.ts
View File

@ -27,6 +27,7 @@ import { metricsApi } from "./metrics.api";
import type { KubeJsonApiData } from "../kube-json-api";
import type { IPodContainer, IPodMetrics } from "./pods.api";
import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
import type { LabelSelector } from "../kube-object";
export class DaemonSet extends WorkloadKubeObject {
static kind = "DaemonSet";
@ -39,11 +40,7 @@ export class DaemonSet extends WorkloadKubeObject {
}
declare spec: {
selector: {
matchLabels: {
[name: string]: string;
};
};
selector: LabelSelector;
template: {
metadata: {
creationTimestamp?: string;

3
src/common/k8s-api/endpoints/deployment.api.ts
View File

@ -28,6 +28,7 @@ import { metricsApi } from "./metrics.api";
import type { IPodMetrics } from "./pods.api";
import type { KubeJsonApiData } from "../kube-json-api";
import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
import type { LabelSelector } from "../kube-object";
export class DeploymentApi extends KubeApi<Deployment> {
protected getScaleApiUrl(params: { namespace: string; name: string }) {
@ -124,7 +125,7 @@ export class Deployment extends WorkloadKubeObject {
declare spec: {
replicas: number;
selector: { matchLabels: { [app: string]: string }};
selector: LabelSelector;
template: {
metadata: {
creationTimestamp?: string;

7
src/common/k8s-api/endpoints/job.api.ts
View File

@ -27,6 +27,7 @@ import { metricsApi } from "./metrics.api";
import type { KubeJsonApiData } from "../kube-json-api";
import type { IPodContainer, IPodMetrics } from "./pods.api";
import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
import type { LabelSelector } from "../kube-object";
export class Job extends WorkloadKubeObject {
static kind = "Job";
@ -42,11 +43,7 @@ export class Job extends WorkloadKubeObject {
parallelism?: number;
completions?: number;
backoffLimit?: number;
selector?: {
matchLabels: {
[name: string]: string;
};
};
selector?: LabelSelector;
template: {
metadata: {
creationTimestamp?: string;

112
src/common/k8s-api/endpoints/network-policy.api.ts
View File

@ -19,7 +19,7 @@
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
import { KubeObject } from "../kube-object";
import { KubeObject, LabelSelector } from "../kube-object";
import { autoBind } from "../../utils";
import { KubeApi } from "../kube-api";
import type { KubeJsonApiData } from "../kube-json-api";
@ -30,46 +30,94 @@ export interface IPolicyIpBlock {
except?: string[];
}
export interface IPolicySelector {
matchLabels: {
[label: string]: string;
};
/**
* @deprecated Use `LabelSelector` instead
*/
export type IPolicySelector = LabelSelector;
export interface NetworkPolicyPort {
/**
* The protocol which network traffic must match.
*
* One of:
* - `"TCP"`
* - `"UDP"`
* - `"SCTP"`
*
* @default "TCP"
*/
protocol?: string;
/**
* The port on the given protocol. This can either be a numerical or named
* port on a pod. If this field is not provided, this matches all port names and
* numbers.
*
* If present, only traffic on the specified protocol AND port will be matched.
*/
port?: number | string;
/**
* If set, indicates that the range of ports from port to endPort, inclusive,
* should be allowed by the policy. This field cannot be defined if the port field
* is not defined or if the port field is defined as a named (string) port.
*
* The endPort must be equal or greater than port.
*/
endPort?: number;
}
export interface NetworkPolicyPeer {
/**
* IPBlock defines policy on a particular IPBlock. If this field is set then
* neither of the other fields can be.
*/
ipBlock?: IPolicyIpBlock;
/**
* Selects Namespaces using cluster-scoped labels. This field follows standard label
* selector semantics; if present but empty, it selects all namespaces.
*
* If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
* the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
*
* Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
*/
namespaceSelector?: LabelSelector;
/**
* This is a label selector which selects Pods. This field follows standard label
* selector semantics; if present but empty, it selects all pods.
*
* If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
* the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
*
* Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
*/
podSelector?: LabelSelector;
}
export interface IPolicyIngress {
from: {
ipBlock?: IPolicyIpBlock;
namespaceSelector?: IPolicySelector;
podSelector?: IPolicySelector;
}[];
ports: {
protocol: string;
port: number;
}[];
from?: NetworkPolicyPeer[];
ports?: NetworkPolicyPort[];
}
export interface IPolicyEgress {
to: {
ipBlock: IPolicyIpBlock;
}[];
ports: {
protocol: string;
port: number;
}[];
to?: NetworkPolicyPeer[];
ports?: NetworkPolicyPort[];
}
export type PolicyType = "Ingress" | "Egress";
export interface NetworkPolicySpec {
podSelector: LabelSelector;
policyTypes?: PolicyType[];
ingress?: IPolicyIngress[];
egress?: IPolicyEgress[];
}
export interface NetworkPolicy {
spec: {
podSelector: {
matchLabels: {
[label: string]: string;
role: string;
};
};
policyTypes: string[];
ingress: IPolicyIngress[];
egress: IPolicyEgress[];
};
spec: NetworkPolicySpec;
}
export class NetworkPolicy extends KubeObject {

13
src/common/k8s-api/endpoints/persistent-volume-claims.api.ts
View File

@ -19,7 +19,7 @@
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
import { KubeObject } from "../kube-object";
import { KubeObject, LabelSelector } from "../kube-object";
import { autoBind } from "../../utils";
import { IMetrics, metricsApi } from "./metrics.api";
import type { Pod } from "./pods.api";
@ -51,16 +51,7 @@ export interface PersistentVolumeClaim {
spec: {
accessModes: string[];
storageClassName: string;
selector: {
matchLabels: {
release: string;
};
matchExpressions: {
key: string; // environment,
operator: string; // In,
values: string[]; // [dev]
}[];
};
selector: LabelSelector;
resources: {
requests: {
storage: string; // 8Gi

4
src/common/k8s-api/endpoints/poddisruptionbudget.api.ts
View File

@ -20,7 +20,7 @@
*/
import { autoBind } from "../../utils";
import { KubeObject } from "../kube-object";
import { KubeObject, LabelSelector } from "../kube-object";
import { KubeApi } from "../kube-api";
import type { KubeJsonApiData } from "../kube-json-api";
import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
@ -29,7 +29,7 @@ export interface PodDisruptionBudget {
spec: {
minAvailable: string;
maxUnavailable: string;
selector: { matchLabels: { [app: string]: string }};
selector: LabelSelector;
};
status: {
currentHealthy: number

3
src/common/k8s-api/endpoints/replica-set.api.ts
View File

@ -27,6 +27,7 @@ import { metricsApi } from "./metrics.api";
import type { IPodContainer, IPodMetrics, Pod } from "./pods.api";
import type { KubeJsonApiData } from "../kube-json-api";
import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
import type { LabelSelector } from "../kube-object";
export class ReplicaSetApi extends KubeApi<ReplicaSet> {
protected getScaleApiUrl(params: { namespace: string; name: string }) {
@ -80,7 +81,7 @@ export class ReplicaSet extends WorkloadKubeObject {
declare spec: {
replicas?: number;
selector: { matchLabels: { [app: string]: string }};
selector: LabelSelector;
template?: {
metadata: {
labels: {

7
src/common/k8s-api/endpoints/stateful-set.api.ts
View File

@ -26,6 +26,7 @@ import { metricsApi } from "./metrics.api";
import type { IPodMetrics } from "./pods.api";
import type { KubeJsonApiData } from "../kube-json-api";
import { isClusterPageContext } from "../../utils/cluster-id-url-parsing";
import type { LabelSelector } from "../kube-object";
export class StatefulSetApi extends KubeApi<StatefulSet> {
protected getScaleApiUrl(params: { namespace: string; name: string }) {
@ -84,11 +85,7 @@ export class StatefulSet extends WorkloadKubeObject {
declare spec: {
serviceName: string;
replicas: number;
selector: {
matchLabels: {
[key: string]: string;
};
};
selector: LabelSelector;
template: {
metadata: {
labels: {

28
src/common/k8s-api/kube-object.ts
View File

@ -104,6 +104,34 @@ export class KubeCreationError extends Error {
}
}
export type LabelMatchExpression = {
/**
* The label key that the selector applies to.
*/
key: string;
} & (
{
/**
* This represents the key's relationship to a set of values.
*/
operator: "Exists" | "DoesNotExist";
values?: undefined;
}
|
{
operator: "In" | "NotIn";
/**
* The set of values for to match according to the operator for the label.
*/
values: string[];
}
);
export interface LabelSelector {
matchLabels?: Record<string, string | undefined>;
matchExpressions?: LabelMatchExpression[];
}
export class KubeObject<Metadata extends KubeObjectMetadata = KubeObjectMetadata, Status = any, Spec = any> implements ItemObject {
static readonly kind?: string;
static readonly namespaced?: boolean;

56
src/renderer/components/+network-policies/__tests__/network-policy-details.test.tsx Normal file
View File

@ -0,0 +1,56 @@
/**
* Copyright (c) 2021 OpenLens Authors
*
* Permission is hereby granted, free of charge, to any person obtaining a copy of
* this software and associated documentation files (the "Software"), to deal in
* the Software without restriction, including without limitation the rights to
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
* the Software, and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
import React from "react";
import { findByTestId, findByText, render } from "@testing-library/react";
import { NetworkPolicy, NetworkPolicySpec } from "../../../../common/k8s-api/endpoints";
import { NetworkPolicyDetails } from "../network-policy-details";
jest.mock("../../kube-object-meta");
describe("NetworkPolicyDetails", () => {
it("should render w/o errors", () => {
const policy = new NetworkPolicy({ metadata: {} as any, spec: {}} as any);
const { container } = render(<NetworkPolicyDetails object={policy} />);
expect(container).toBeInstanceOf(HTMLElement);
});
it("should render egress nodeSelector", async () => {
const spec: NetworkPolicySpec = {
egress: [{
to: [{
namespaceSelector: {
matchLabels: {
foo: "bar",
},
},
}],
}],
podSelector: {},
};
const policy = new NetworkPolicy({ metadata: {} as any, spec } as any);
const { container } = render(<NetworkPolicyDetails object={policy} />);
expect(await findByTestId(container, "egress-0")).toBeInstanceOf(HTMLElement);
expect(await findByText(container, "foo: bar")).toBeInstanceOf(HTMLElement);
});
});

10
src/renderer/components/+network-policies/network-policy-details.scss → src/renderer/components/+network-policies/network-policy-details.module.css
View File

@ -20,7 +20,13 @@
*/
.NetworkPolicyDetails {
.SubTitle {
.networkPolicyPeerTitle {
text-transform: none
}
}
.networkPolicyPeer {
&:not(:last-of-type) {
padding-bottom: 16px;
}
}
}

182
src/renderer/components/+network-policies/network-policy-details.tsx
View File

@ -19,12 +19,11 @@
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
import "./network-policy-details.scss";
import styles from "./network-policy-details.module.css";
import get from "lodash/get";
import React, { Fragment } from "react";
import React from "react";
import { DrawerItem, DrawerTitle } from "../drawer";
import { IPolicyEgress, IPolicyIngress, IPolicyIpBlock, IPolicySelector, NetworkPolicy } from "../../../common/k8s-api/endpoints/network-policy.api";
import { IPolicyIpBlock, IPolicySelector, NetworkPolicy, NetworkPolicyPeer, NetworkPolicyPort } from "../../../common/k8s-api/endpoints/network-policy.api";
import { Badge } from "../badge";
import { SubTitle } from "../layout/sub-title";
import { observer } from "mobx-react";
@ -37,78 +36,84 @@ interface Props extends KubeObjectDetailsProps<NetworkPolicy> {
@observer
export class NetworkPolicyDetails extends React.Component<Props> {
renderIngressFrom(ingress: IPolicyIngress) {
const { from } = ingress;
renderIPolicyIpBlock(ipBlock: IPolicyIpBlock | undefined) {
if (!ipBlock) {
return null;
}
if (!from) return null;
const { cidr, except = [] } = ipBlock;
if (!cidr) {
return null;
}
const items = [`cidr: ${cidr}`];
if (except.length > 0) {
items.push(`except: ${except.join(", ")}`);
}
return (
<DrawerItem name="ipBlock">
{items.join(", ")}
</DrawerItem>
);
}
renderIPolicySelector(name: string, selector: IPolicySelector | undefined) {
if (!selector) {
return null;
}
return (
<DrawerItem name={name}>
{
Object
.entries(selector.matchLabels)
.map(data => data.join(": "))
.join(", ")
|| "(empty)"
}
</DrawerItem>
);
}
renderNetworkPolicyPeers(name: string, peers: NetworkPolicyPeer[] | undefined) {
if (!peers) {
return null;
}
return (
<>
<SubTitle title="From"/>
{from.map(item =>
Object.keys(item).map(key => {
const data = get(item, key);
if (key === "ipBlock") {
const { cidr, except } = data as IPolicyIpBlock;
if (!cidr) return null;
return (
<DrawerItem name={key} key={key}>
cidr: {cidr}, {" "}
{except &&
`except: ${except.join(", ")}`
}
</DrawerItem>
);
}
const selector: IPolicySelector = data;
if (selector.matchLabels) {
return (
<DrawerItem name={key} key={key}>
{
Object
.entries(selector.matchLabels)
.map(data => data.join(": "))
.join(", ")
}
</DrawerItem>
);
}
else {
return (<DrawerItem name={key} key={key}>(empty)</DrawerItem>);
}
}),
)}
<SubTitle className={styles.networkPolicyPeerTitle} title={name}/>
{
peers.map((peer, index) => (
<div key={index} className={styles.networkPolicyPeer}>
{this.renderIPolicyIpBlock(peer.ipBlock)}
{this.renderIPolicySelector("namespaceSelector", peer.namespaceSelector)}
{this.renderIPolicySelector("podSelector", peer.podSelector)}
</div>
))
}
</>
);
}
renderEgressTo(egress: IPolicyEgress) {
const { to } = egress;
if (!to) return null;
renderNetworkPolicyPorts(ports: NetworkPolicyPort[] | undefined) {
if (!ports) {
return null;
}
return (
<>
<SubTitle title="To"/>
{to.map(item => {
const { ipBlock: { cidr, except } = {}} = item;
if (!cidr) return null;
return (
<DrawerItem name="ipBlock" key={cidr}>
cidr: {cidr}, {" "}
{except &&
`except: ${except.join(", ")}`
}
</DrawerItem>
);
})}
</>
<DrawerItem name="Ports">
<ul>
{ports.map(({ protocol = "TCP", port = "<all>", endPort }, index) => (
<li key={index}>
{protocol}:{port}{typeof endPort === "number" && `:${endPort}`}
</li>
))}
</ul>
</DrawerItem>
);
}
@ -129,49 +134,38 @@ export class NetworkPolicyDetails extends React.Component<Props> {
const selector = policy.getMatchLabels();
return (
<div className="NetworkPolicyDetails">
<div className={styles.NetworkPolicyDetails}>
<KubeObjectMeta object={policy}/>
<DrawerItem name="Pod Selector" labelsOnly={selector.length > 0}>
{selector.length > 0 ?
policy.getMatchLabels().map(label => <Badge key={label} label={label}/>) :
`(empty) (Allowing the specific traffic to all pods in this namespace)`
{
selector.length > 0
? policy.getMatchLabels().map(label => <Badge key={label} label={label}/>)
: `(empty) (Allowing the specific traffic to all pods in this namespace)`
}
</DrawerItem>
{ingress && (
<>
<DrawerTitle title="Ingress"/>
{ingress.map((ingress, i) => {
const { ports } = ingress;
return (
<Fragment key={i}>
<DrawerItem name="Ports">
{ports && ports.map(({ port, protocol }) => `${protocol || ""}:${port || ""}`).join(", ")}
</DrawerItem>
{this.renderIngressFrom(ingress)}
</Fragment>
);
})}
{ingress.map((ingress, i) => (
<div key={i} data-testid={`ingress-${i}`}>
{this.renderNetworkPolicyPorts(ingress.ports)}
{this.renderNetworkPolicyPeers("From", ingress.from)}
</div>
))}
</>
)}
{egress && (
<>
<DrawerTitle title="Egress"/>
{egress.map((egress, i) => {
const { ports } = egress;
return (
<Fragment key={i}>
<DrawerItem name="Ports">
{ports && ports.map(({ port, protocol }) => `${protocol || ""}:${port || ""}`).join(", ")}
</DrawerItem>
{this.renderEgressTo(egress)}
</Fragment>
);
})}
{egress.map((egress, i) => (
<div key={i} data-testid={`egress-${i}`}>
{this.renderNetworkPolicyPorts(egress.ports)}
{this.renderNetworkPolicyPeers("To", egress.to)}
</div>
))}
</>
)}
</div>