Enable simple NetworkPolicy

Signed-off-by: Sai Sindhur Malleni <[email protected]>

Author: Sai Sindhur Malleni

deploy/20_role.yaml

@@ -90,3 +90,15 @@ rules:
   - hyperfoils
   verbs:
   - '*'
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete

docs/uperf.md

@@ -34,6 +34,7 @@ spec:
       serviceip: false
       runtime_class: class_name
       hostnetwork: false
+      networkpolicy: false
       pin: false
       kind: pod
       pin_server: "node-0"
@@ -63,6 +64,8 @@ spec:
 
 `hostnetwork` will test the performance of the node the pod will run on.
 
+`networkpolicy` will create a simple networkpolicy for ingress
+
 *Note:* If you want to run with hostnetwork on `OpenShift`, you will need to execute the following:
 
 ```bash

playbook.yml

@@ -82,6 +82,9 @@
 
     - block:
 
+      - include_role:
+          name: "common"
+
       - include_role: 
           name: "{{ workload.name }}"
         vars:

resources/crds/ripsaw_v1alpha1_uperf_cr.yaml

@@ -15,6 +15,7 @@ spec:
     args:
       serviceip: false
       hostnetwork: false
+      networkpolicy: false
       pin: false
       multus:
         enabled: false

resources/crds/ripsaw_v1alpha1_uperf_vm.yaml

@@ -15,6 +15,7 @@ spec:
     args:
       hostnetwork: false # irrelevant for vms
       serviceip: false # irrelevant for vms
+      networkpolicy: false
       pin: false
       pin_server: "node-0"
       pin_client: "node-1"

roles/common/tasks/main.yml

@@ -0,0 +1,17 @@
+# common tasks across multiple roles go here
+- block:
+  - name: Get Network Policy
+    k8s_facts:
+      kind: NetworkPolicy
+      api_version: networking.k8s.io/v1
+      namespace: '{{ operator_namespace }}'
+      name: "{{ meta.name }}-networkpolicy-{{ trunc_uuid }}"
+    register: network_policy
+
+  - name: Create Network policy if enabled
+    k8s:
+      definition: "{{ lookup('template', 'networkpolicy.yml.j2') | from_yaml }}"
+    when: network_policy.resources | length < 1
+
+  when: workload.args.networkpolicy is defined and workload.args.networkpolicy
+

roles/common/templates/networkpolicy.yml.j2

@@ -0,0 +1,14 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: "{{ meta.name }}-networkpolicy-{{ trunc_uuid }}"
+  namespace: '{{ operator_namespace }}'
+spec:
+  podSelector: 
+    matchLabels:
+      type: "{{ meta.name }}-bench-server-{{ trunc_uuid }}"
+  ingress:
+  - from:
+    - podSelector: 
+        matchLabels:
+          type: "{{ meta.name }}-bench-client-{{ trunc_uuid }}"

roles/uperf/templates/workload.yml.j2

@@ -14,6 +14,7 @@ spec:
       labels:
         app: uperf-bench-client-{{ trunc_uuid }}
         clientfor: {{ item.metadata.labels.app }}
+        type: uperf-bench-client-{{ trunc_uuid }}
 {% if workload_args.multus.enabled is sameas true %}
       annotations:
         k8s.v1.cni.cncf.io/networks: {{ workload_args.multus.client }}

roles/uperf/templates/workload_vm.yml.j2

@@ -6,6 +6,7 @@ metadata:
   namespace: '{{ operator_namespace }}'
   labels:
     app: uperf-bench-client-{{ trunc_uuid }}
+    type: uperf-bench-client-{{ trunc_uuid }}
 spec:
   domain:
     cpu:

tests/test_crs/valid_uperf_networkpolicy.yaml

@@ -0,0 +1,40 @@
+apiVersion: ripsaw.cloudbulldozer.io/v1alpha1
+kind: Benchmark
+metadata:
+  name: example-benchmark
+  namespace: my-ripsaw
+spec:
+  elasticsearch:
+    server: ES_SERVER
+    port: ES_PORT
+    index_name: ripsaw-uperf
+  metadata:
+    collection: true
+  cleanup: false
+  workload:
+    name: uperf
+    args:
+      hostnetwork: false
+      serviceip: false
+      networkpolicy: true
+      pin: false
+      pin_server: "node-0"
+      pin_client: "node-1"
+      multus:
+        enabled: false
+      samples: 2
+      pair: 1
+      test_types:
+        - stream
+        - rr
+        - bidirec
+      protos:
+        - tcp
+        - udp
+      sizes:
+        - 1024
+        - 512
+      nthrs:
+        - 1
+        - 2
+      runtime: 2