From 552d4868adca55db1f3239cc44618838ef0c16ce Mon Sep 17 00:00:00 2001
From: Bradley Mayo
Date: Wed, 10 Apr 2024 10:25:25 -0400
Subject: [PATCH 1/2] Create network policy during knative setup and add knative ports
---
 controllers/runtimecomponent_controller.go | 18 ++++++++++++++++++
 utils/utils.go | 6 ++++++
 2 files changed, 24 insertions(+)
diff --git a/controllers/runtimecomponent_controller.go b/controllers/runtimecomponent_controller.go
index 8c2e691c..e7925704 100644
--- a/controllers/runtimecomponent_controller.go
+++ b/controllers/runtimecomponent_controller.go
@@ -262,6 +262,24 @@ func (r *RuntimeComponentReconciler) Reconcile(ctx context.Context, req ctrl.Req
 if isKnativeSupported {
 reqLogger.Info("Knative is supported and Knative Service is enabled")
+
+ networkPolicy := &networkingv1.NetworkPolicy{ObjectMeta: defaultMeta}
+ if np := instance.Spec.NetworkPolicy; np == nil || np != nil && !np.IsDisabled() {
+ err = r.CreateOrUpdate(networkPolicy, instance, func() error {
+ appstacksutils.CustomizeNetworkPolicy(networkPolicy, r.IsOpenShift(), instance)
+ return nil
+ })
+ if err != nil {
+ reqLogger.Error(err, "Failed to reconcile network policy")
+ return r.ManageError(err, common.StatusConditionTypeReconciled, instance)
+ }
+ } else {
+ if err := r.DeleteResource(networkPolicy); err != nil {
+ reqLogger.Error(err, "Failed to delete network policy")
+ return r.ManageError(err, common.StatusConditionTypeReconciled, instance)
+ }
+ }
+
 ksvc := &servingv1.Service{ObjectMeta: defaultMeta}
 err = r.CreateOrUpdate(ksvc, instance, func() error {
 appstacksutils.CustomizeKnativeService(ksvc, instance)
diff --git a/utils/utils.go b/utils/utils.go
index a2f5f8d4..00a8a0c1 100644
--- a/utils/utils.go
+++ b/utils/utils.go
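Review bot: The guard `np == nil || np != nil && !np.IsDisabled()` in the Reconcile hunk of controllers/runtimecomponent_controller.go carries a redundant `np != nil` and relies on `&&` binding tighter than `||`; `if np := instance.Spec.NetworkPolicy; np == nil || !np.IsDisabled() {` expresses the same condition. The nested `else { if err := r.DeleteResource(networkPolicy); ... }` can likewise be flattened to `} else if err := r.DeleteResource(networkPolicy); err != nil {`. This create-or-delete block presumably mirrors NetworkPolicy handling on the non-Knative path elsewhere in Reconcile, which is outside the hunk. If so, a shared helper would keep the two paths from drifting, which matters because a Knative workload that misses its policy is left without ingress restriction. Reconcile's body starts and ends outside the hunk.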
@@ -457,6 +457,12 @@ func customizeNetworkPolicyPorts(ingress *networkingv1.NetworkPolicyIngressRule,
 currentLen := len(ingress.Ports)
 desiredLen := len(ba.GetService().GetPorts()) + 1 // Add one for normal port
+ if ba.GetCreateKnativeService() != nil && *ba.GetCreateKnativeService() {
+ knativeports := []int32{8012, 8013, 8112, 8022, 9090, 9091}
+ ports = append(ports, knativeports...)
+ desiredLen += len(knativeports)
+ }
+
 // Shrink if needed
 if currentLen > desiredLen {
 ingress.Ports = ingress.Ports[:desiredLen]
From 4a5aab90ee6952cd70be42bd70ba994de76cfe07 Mon Sep 17 00:00:00 2001
From: Bradley Mayo
Date: Wed, 10 Apr 2024 10:57:32 -0400
Subject: [PATCH 2/2] Skip main port in knative scenario
---
 utils/utils.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/utils/utils.go b/utils/utils.go
index 00a8a0c1..0b8dda06 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -449,18 +449,21 @@ func createNetworkPolicyPeer(appName string, namespace string, networkPolicy com
 func customizeNetworkPolicyPorts(ingress *networkingv1.NetworkPolicyIngressRule, ba common.BaseComponent) {
 var ports []int32
- ports = append(ports, ba.GetService().GetPort())
+
 for _, port := range ba.GetService().GetPorts() {
 ports = append(ports, port.Port)
 }
 currentLen := len(ingress.Ports)
- desiredLen := len(ba.GetService().GetPorts()) + 1 // Add one for normal port
+ desiredLen := len(ba.GetService().GetPorts())
 if ba.GetCreateKnativeService() != nil && *ba.GetCreateKnativeService() {
 knativeports := []int32{8012, 8013, 8112, 8022, 9090, 9091}
 ports = append(ports, knativeports...)
 desiredLen += len(knativeports)
+ } else {
+ ports = append(ports, ba.GetService().GetPort())
+ desiredLen += 1 // Add one for normal port
 }
 // Shrink if needed
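Review bot: The literal `[]int32{8012, 8013, 8112, 8022, 9090, 9091}` added to customizeNetworkPolicyPorts in the first commit opens six ports with no indication of what each is for. Because they are appended to the same `ports` list that feeds `ingress.Ports`, they are allowed for whichever peers that ingress rule already admits for application traffic. They look like the Knative queue-proxy traffic, admin and metrics ports, but that should be confirmed against the Knative release in use. It is also worth checking whether the admin and metrics ports need to be reachable by all of those peers or only by Knative's own components. I would hoist the list into a package-level variable such as `var knativeQueueProxyPorts = []int32{...}` with a short comment per port, so each opening in the generated NetworkPolicy is justified; the function's signature and the code that consumes `ports` are outside this hunk.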
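Review bot: `desiredLen` in customizeNetworkPolicyPorts (second commit) is still counted by hand alongside `ports`: it is seeded from `len(ba.GetService().GetPorts())` and bumped in both branches, so it must always equal `len(ports)`. A later edit that appends a port without adjusting the counter would make the shrink step `ingress.Ports[:desiredLen]` cut the rule's port list to the wrong length. Declaring it once after the if/else as `desiredLen := len(ports)` removes the parallel bookkeeping. The Knative branch also deserves a comment recording that the main service port is deliberately left out of the policy there, e.g. `// Knative Service requested: open the additional service ports and the Knative ports only; the main port is intentionally skipped.` The tail of the function that consumes `desiredLen` is outside the hunk.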