remove redis networkpolicy

operator/redisfailover/ensurer.go

@@ -20,9 +20,6 @@ func (w *RedisFailoverHandler) Ensure(rf *redisfailoverv1.RedisFailover, labels
 	}
 
 	if !(len(rf.Spec.NetworkPolicyNsList) == 0) {
-		if err := w.rfService.EnsureRedisNetworkPolicy(rf, labels, or); err != nil {
-			return err
-		}
 		if err := w.rfService.EnsureSentinelNetworkPolicy(rf, labels, or); err != nil {
 			return err
 		}

operator/redisfailover/service/client.go

@@ -19,7 +19,6 @@ type RedisFailoverClient interface {
 	EnsureHAProxyRedisMasterConfigmap(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
 	EnsureHAProxyRedisMasterService(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
 	EnsureRedisHeadlessService(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
-	EnsureRedisNetworkPolicy(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
 	EnsureSentinelNetworkPolicy(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
 	EnsureSentinelService(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
 	EnsureSentinelConfigMap(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error
@@ -87,14 +86,6 @@ func generateComponentLabel(componentType string) map[string]string {
 	}
 }
 
-// EnsureRedisNetworkPolicy makes sure the redis network policy exists
-func (r *RedisFailoverKubeClient) EnsureRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error {
-	svc := generateRedisNetworkPolicy(rf, labels, ownerRefs)
-	err := r.K8SService.CreateOrUpdateNetworkPolicy(rf.Namespace, svc)
-	r.setEnsureOperationMetrics(svc.Namespace, svc.Name, "EnsureRedisNetworkPolicy", rf.Name, err)
-	return err
-}
-
 // EnsureSentinelNetworkPolicy makes sure the redis network policy exists
 func (r *RedisFailoverKubeClient) EnsureSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error {
 	svc := generateSentinelNetworkPolicy(rf, labels, ownerRefs)

operator/redisfailover/service/generator_test.go

@@ -1416,252 +1416,6 @@ func TestHaproxyService(t *testing.T) {
 	}
 }
 
-func TestRedisNetworkPolicy(t *testing.T) {
-	tests := []struct {
-		name                            string
-		rfName                          string
-		rfNamespace                     string
-		rfRedisPort                     int
-		rfNetworkPolicyNamespaceEntries []redisfailoverv1.NetworkPolicyNamespaceEntry
-		rfLabels                        map[string]string
-		expected                        networkingv1.NetworkPolicy
-	}{
-		{
-			name: "with defaults",
-			rfNetworkPolicyNamespaceEntries: []redisfailoverv1.NetworkPolicyNamespaceEntry{
-				redisfailoverv1.NetworkPolicyNamespaceEntry{
-					MatchLabelKey:   "app.kubernetes.io/instance",
-					MatchLabelValue: namespace,
-				},
-			},
-			expected: networkingv1.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "rfr-np-" + name,
-					Namespace: namespace,
-					Labels: map[string]string{
-						"app.kubernetes.io/component": "redis",
-						"app.kubernetes.io/name":      name,
-						"app.kubernetes.io/part-of":   "redis-failover",
-					},
-					Annotations: nil,
-					OwnerReferences: []metav1.OwnerReference{
-						{
-							Name: "testing",
-						},
-					},
-				},
-				Spec: networkingv1.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{
-						MatchLabels: map[string]string{
-							"redisfailovers.databases.spotahome.com/component": "redis",
-							"redisfailovers.databases.spotahome.com/name":      name,
-						},
-					},
-					Ingress: []networkingv1.NetworkPolicyIngressRule{
-						networkingv1.NetworkPolicyIngressRule{
-							From: []networkingv1.NetworkPolicyPeer{
-								networkingv1.NetworkPolicyPeer{
-									NamespaceSelector: &metav1.LabelSelector{
-										MatchLabels: map[string]string{
-											"app.kubernetes.io/instance": namespace,
-										},
-									},
-								},
-							},
-							Ports: []networkingv1.NetworkPolicyPort{
-								networkingv1.NetworkPolicyPort{
-									Port: &intstr.IntOrString{
-										IntVal: 6379,
-										Type:   intstr.Int,
-									},
-								},
-								networkingv1.NetworkPolicyPort{
-									Port: &intstr.IntOrString{
-										IntVal: 9121,
-										Type:   intstr.Int,
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			name:        "with custom redis Port",
-			rfRedisPort: 6698,
-			rfNetworkPolicyNamespaceEntries: []redisfailoverv1.NetworkPolicyNamespaceEntry{
-				redisfailoverv1.NetworkPolicyNamespaceEntry{
-					MatchLabelKey:   "app.kubernetes.io/instance",
-					MatchLabelValue: namespace,
-				},
-			},
-			expected: networkingv1.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "rfr-np-" + name,
-					Namespace: namespace,
-					Labels: map[string]string{
-						"app.kubernetes.io/component": "redis",
-						"app.kubernetes.io/name":      name,
-						"app.kubernetes.io/part-of":   "redis-failover",
-					},
-					Annotations: nil,
-					OwnerReferences: []metav1.OwnerReference{
-						{
-							Name: "testing",
-						},
-					},
-				},
-				Spec: networkingv1.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{
-						MatchLabels: map[string]string{
-							"redisfailovers.databases.spotahome.com/component": "redis",
-							"redisfailovers.databases.spotahome.com/name":      name,
-						},
-					},
-					Ingress: []networkingv1.NetworkPolicyIngressRule{
-						networkingv1.NetworkPolicyIngressRule{
-							From: []networkingv1.NetworkPolicyPeer{
-								networkingv1.NetworkPolicyPeer{
-									NamespaceSelector: &metav1.LabelSelector{
-										MatchLabels: map[string]string{
-											"app.kubernetes.io/instance": namespace,
-										},
-									},
-								},
-							},
-							Ports: []networkingv1.NetworkPolicyPort{
-								networkingv1.NetworkPolicyPort{
-									Port: &intstr.IntOrString{
-										IntVal: 6698,
-										Type:   intstr.Int,
-									},
-								},
-								networkingv1.NetworkPolicyPort{
-									Port: &intstr.IntOrString{
-										IntVal: 9121,
-										Type:   intstr.Int,
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			name: "with custom NetorkPolicyNamespaceEntries",
-			rfNetworkPolicyNamespaceEntries: []redisfailoverv1.NetworkPolicyNamespaceEntry{
-				redisfailoverv1.NetworkPolicyNamespaceEntry{
-					MatchLabelKey:   "app.kubernetes.io/instance",
-					MatchLabelValue: namespace,
-				},
-				redisfailoverv1.NetworkPolicyNamespaceEntry{
-					MatchLabelKey:   "app.kubernetes.io/instance",
-					MatchLabelValue: "extra-namespace",
-				},
-			},
-			expected: networkingv1.NetworkPolicy{
-				ObjectMeta: metav1.ObjectMeta{
-					Name:      "rfr-np-" + name,
-					Namespace: namespace,
-					Labels: map[string]string{
-						"app.kubernetes.io/component": "redis",
-						"app.kubernetes.io/name":      name,
-						"app.kubernetes.io/part-of":   "redis-failover",
-					},
-					Annotations: nil,
-					OwnerReferences: []metav1.OwnerReference{
-						{
-							Name: "testing",
-						},
-					},
-				},
-				Spec: networkingv1.NetworkPolicySpec{
-					PodSelector: metav1.LabelSelector{
-						MatchLabels: map[string]string{
-							"redisfailovers.databases.spotahome.com/component": "redis",
-							"redisfailovers.databases.spotahome.com/name":      name,
-						},
-					},
-					Ingress: []networkingv1.NetworkPolicyIngressRule{
-						networkingv1.NetworkPolicyIngressRule{
-							From: []networkingv1.NetworkPolicyPeer{
-								networkingv1.NetworkPolicyPeer{
-									NamespaceSelector: &metav1.LabelSelector{
-										MatchLabels: map[string]string{
-											"app.kubernetes.io/instance": namespace,
-										},
-									},
-								},
-								networkingv1.NetworkPolicyPeer{
-									NamespaceSelector: &metav1.LabelSelector{
-										MatchLabels: map[string]string{
-											"app.kubernetes.io/instance": "extra-namespace",
-										},
-									},
-								},
-							},
-							Ports: []networkingv1.NetworkPolicyPort{
-								networkingv1.NetworkPolicyPort{
-									Port: &intstr.IntOrString{
-										IntVal: 6379,
-										Type:   intstr.Int,
-									},
-								},
-								networkingv1.NetworkPolicyPort{
-									Port: &intstr.IntOrString{
-										IntVal: 9121,
-										Type:   intstr.Int,
-									},
-								},
-							},
-						},
-					},
-				},
-			},
-		},
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			assert := assert.New(t)
-
-			// Generate a default RedisFailover and attaching the required annotations
-			rf := generateRF()
-			if test.rfName != "" {
-				rf.Name = test.rfName
-			}
-			if test.rfNamespace != "" {
-				rf.Namespace = test.rfNamespace
-			}
-			if test.rfRedisPort <= 0 {
-				rf.Spec.Redis.Port = 6379
-
-			} else {
-				rf.Spec.Redis.Port = redisfailoverv1.Port(test.rfRedisPort)
-			}
-			if test.rfNetworkPolicyNamespaceEntries != nil {
-				rf.Spec.NetworkPolicyNsList = test.rfNetworkPolicyNamespaceEntries
-			}
-
-			generated := networkingv1.NetworkPolicy{}
-
-			ms := &mK8SService.Services{}
-			ms.On("CreateOrUpdateNetworkPolicy", rf.Namespace, mock.Anything).Once().Run(func(args mock.Arguments) {
-				s := args.Get(1).(*networkingv1.NetworkPolicy)
-				generated = *s
-			}).Return(nil)
-
-			client := rfservice.NewRedisFailoverKubeClient(ms, log.Dummy, metrics.Dummy)
-			err := client.EnsureRedisNetworkPolicy(rf, test.rfLabels, []metav1.OwnerReference{{Name: "testing"}})
-
-			assert.Equal(test.expected, generated)
-			assert.NoError(err)
-		})
-	}
-}
-
 func TestSentinelNetworkPolicy(t *testing.T) {
 	tests := []struct {
 		name                            string