From 7a0d2dded5ab7f8ee893f570ce3cc929afc59fa3 Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 7 Feb 2024 13:58:25 -0500 Subject: [PATCH 01/10] remove redis networkpolicy --- .../service/RedisFailoverClient.go | 14 - operator/redisfailover/ensurer.go | 3 - operator/redisfailover/service/client.go | 9 - .../redisfailover/service/generator_test.go | 246 ------------------ 4 files changed, 272 deletions(-) diff --git a/mocks/operator/redisfailover/service/RedisFailoverClient.go b/mocks/operator/redisfailover/service/RedisFailoverClient.go index 794f43cbb..de464abb9 100644 --- a/mocks/operator/redisfailover/service/RedisFailoverClient.go +++ b/mocks/operator/redisfailover/service/RedisFailoverClient.go @@ -168,20 +168,6 @@ func (_m *RedisFailoverClient) EnsureRedisMasterService(rFailover *v1.RedisFailo return r0 } -// EnsureRedisNetworkPolicy provides a mock function with given fields: rFailover, labels, ownerRefs -func (_m *RedisFailoverClient) EnsureRedisNetworkPolicy(rFailover *v1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error { - ret := _m.Called(rFailover, labels, ownerRefs) - - var r0 error - if rf, ok := ret.Get(0).(func(*v1.RedisFailover, map[string]string, []metav1.OwnerReference) error); ok { - r0 = rf(rFailover, labels, ownerRefs) - } else { - r0 = ret.Error(0) - } - - return r0 -} - // EnsureRedisReadinessConfigMap provides a mock function with given fields: rFailover, labels, ownerRefs func (_m *RedisFailoverClient) EnsureRedisReadinessConfigMap(rFailover *v1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error { ret := _m.Called(rFailover, labels, ownerRefs) diff --git a/operator/redisfailover/ensurer.go b/operator/redisfailover/ensurer.go index 392309b76..ee008eb9b 100644 --- a/operator/redisfailover/ensurer.go +++ b/operator/redisfailover/ensurer.go 
@@ -20,9 +20,6 @@ func (w *RedisFailoverHandler) Ensure(rf *redisfailoverv1.RedisFailover, labels } if !(len(rf.Spec.NetworkPolicyNsList) == 0) { - if err := w.rfService.EnsureRedisNetworkPolicy(rf, labels, or); err != nil { - return err - } if err := w.rfService.EnsureSentinelNetworkPolicy(rf, labels, or); err != nil { return err } diff --git a/operator/redisfailover/service/client.go b/operator/redisfailover/service/client.go index 41ab26ec1..3e6b52f99 100644 --- a/operator/redisfailover/service/client.go +++ b/operator/redisfailover/service/client.go @@ -19,7 +19,6 @@ type RedisFailoverClient interface { EnsureHAProxyRedisMasterConfigmap(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error EnsureHAProxyRedisMasterService(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error EnsureRedisHeadlessService(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error - EnsureRedisNetworkPolicy(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error EnsureSentinelNetworkPolicy(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error EnsureSentinelService(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error EnsureSentinelConfigMap(rFailover *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error 
@@ -87,14 +86,6 @@ func generateComponentLabel(componentType string) map[string]string { } } -// EnsureRedisNetworkPolicy makes sure the redis network policy exists -func (r *RedisFailoverKubeClient) EnsureRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error { - svc := generateRedisNetworkPolicy(rf, labels, ownerRefs) - err := r.K8SService.CreateOrUpdateNetworkPolicy(rf.Namespace, svc) - r.setEnsureOperationMetrics(svc.Namespace, svc.Name, "EnsureRedisNetworkPolicy", rf.Name, err) - return err -} - // EnsureSentinelNetworkPolicy makes sure the redis network policy exists func (r *RedisFailoverKubeClient) EnsureSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) error { svc := generateSentinelNetworkPolicy(rf, labels, ownerRefs) diff --git a/operator/redisfailover/service/generator_test.go b/operator/redisfailover/service/generator_test.go index 888b4b353..cfa80bd4b 100644 --- a/operator/redisfailover/service/generator_test.go +++ b/operator/redisfailover/service/generator_test.go 
@@ -1416,252 +1416,6 @@ func TestHaproxyService(t *testing.T) { } } -func TestRedisNetworkPolicy(t *testing.T) { - tests := []struct { - name string - rfName string - rfNamespace string - rfRedisPort int - rfNetworkPolicyNamespaceEntries []redisfailoverv1.NetworkPolicyNamespaceEntry - rfLabels map[string]string - expected networkingv1.NetworkPolicy - }{ - { - name: "with defaults", - rfNetworkPolicyNamespaceEntries: []redisfailoverv1.NetworkPolicyNamespaceEntry{ - redisfailoverv1.NetworkPolicyNamespaceEntry{ - MatchLabelKey: "app.kubernetes.io/instance", - MatchLabelValue: namespace, - }, - }, - expected: networkingv1.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "rfr-np-" + name, - Namespace: namespace, - Labels: map[string]string{ - "app.kubernetes.io/component": "redis", - "app.kubernetes.io/name": name, - "app.kubernetes.io/part-of": "redis-failover", - }, - Annotations: nil, - OwnerReferences: []metav1.OwnerReference{ - { - Name: "testing", - }, - }, - }, - Spec: networkingv1.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{ - "redisfailovers.databases.spotahome.com/component": "redis", - "redisfailovers.databases.spotahome.com/name": name, - }, - }, - Ingress: []networkingv1.NetworkPolicyIngressRule{ - networkingv1.NetworkPolicyIngressRule{ - 
From: []networkingv1.NetworkPolicyPeer{ - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, - }, - Ports: []networkingv1.NetworkPolicyPort{ - networkingv1.NetworkPolicyPort{ - Port: &intstr.IntOrString{ - IntVal: 6379, - Type: intstr.Int, - }, - }, - networkingv1.NetworkPolicyPort{ - Port: &intstr.IntOrString{ - IntVal: 9121, - Type: intstr.Int, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "with custom redis Port", - rfRedisPort: 6698, - rfNetworkPolicyNamespaceEntries: []redisfailoverv1.NetworkPolicyNamespaceEntry{ - redisfailoverv1.NetworkPolicyNamespaceEntry{ - MatchLabelKey: "app.kubernetes.io/instance", - MatchLabelValue: namespace, - }, - }, - expected: networkingv1.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "rfr-np-" + name, - Namespace: namespace, - Labels: map[string]string{ - "app.kubernetes.io/component": "redis", - "app.kubernetes.io/name": name, - "app.kubernetes.io/part-of": "redis-failover", - }, - Annotations: nil, - OwnerReferences: []metav1.OwnerReference{ - { - Name: "testing", - }, - }, - }, - Spec: networkingv1.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{ - "redisfailovers.databases.spotahome.com/component": "redis", - "redisfailovers.databases.spotahome.com/name": name, - }, - }, - Ingress: []networkingv1.NetworkPolicyIngressRule{ - networkingv1.NetworkPolicyIngressRule{ - 
From: []networkingv1.NetworkPolicyPeer{ - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, - }, - Ports: []networkingv1.NetworkPolicyPort{ - networkingv1.NetworkPolicyPort{ - Port: &intstr.IntOrString{ - IntVal: 6698, - Type: intstr.Int, - }, - }, - networkingv1.NetworkPolicyPort{ - Port: &intstr.IntOrString{ - IntVal: 9121, - Type: intstr.Int, - }, - }, - }, - }, - }, - }, - }, - }, - { - name: "with custom NetorkPolicyNamespaceEntries", - rfNetworkPolicyNamespaceEntries: []redisfailoverv1.NetworkPolicyNamespaceEntry{ - redisfailoverv1.NetworkPolicyNamespaceEntry{ - MatchLabelKey: "app.kubernetes.io/instance", - MatchLabelValue: namespace, - }, - redisfailoverv1.NetworkPolicyNamespaceEntry{ - MatchLabelKey: "app.kubernetes.io/instance", - MatchLabelValue: "extra-namespace", - }, - }, - expected: networkingv1.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "rfr-np-" + name, - Namespace: namespace, - Labels: map[string]string{ - "app.kubernetes.io/component": "redis", - "app.kubernetes.io/name": name, - "app.kubernetes.io/part-of": "redis-failover", - }, - Annotations: nil, - OwnerReferences: []metav1.OwnerReference{ - { - Name: "testing", - }, - }, - }, - Spec: networkingv1.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: map[string]string{ - "redisfailovers.databases.spotahome.com/component": "redis", - "redisfailovers.databases.spotahome.com/name": name, - }, - }, - Ingress: []networkingv1.NetworkPolicyIngressRule{ - networkingv1.NetworkPolicyIngressRule{ - 
From: []networkingv1.NetworkPolicyPeer{ - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": "extra-namespace", - }, - }, - }, - }, - Ports: []networkingv1.NetworkPolicyPort{ - networkingv1.NetworkPolicyPort{ - Port: &intstr.IntOrString{ - IntVal: 6379, - Type: intstr.Int, - }, - }, - networkingv1.NetworkPolicyPort{ - Port: &intstr.IntOrString{ - IntVal: 9121, - Type: intstr.Int, - }, - }, - }, - }, - }, - }, - }, - }, - } - - for _, test := range tests { - t.Run(test.name, func(t *testing.T) { - assert := assert.New(t) - - // Generate a default RedisFailover and attaching the required annotations - rf := generateRF() - if test.rfName != "" { - rf.Name = test.rfName - } - if test.rfNamespace != "" { - rf.Namespace = test.rfNamespace - } - if test.rfRedisPort <= 0 { - rf.Spec.Redis.Port = 6379 - - } else { - rf.Spec.Redis.Port = redisfailoverv1.Port(test.rfRedisPort) - } - if test.rfNetworkPolicyNamespaceEntries != nil { - rf.Spec.NetworkPolicyNsList = test.rfNetworkPolicyNamespaceEntries - } - - generated := networkingv1.NetworkPolicy{} - - ms := &mK8SService.Services{} - ms.On("CreateOrUpdateNetworkPolicy", rf.Namespace, mock.Anything).Once().Run(func(args mock.Arguments) { - s := args.Get(1).(*networkingv1.NetworkPolicy) - generated = *s - }).Return(nil) - - client := rfservice.NewRedisFailoverKubeClient(ms, log.Dummy, metrics.Dummy) - err := client.EnsureRedisNetworkPolicy(rf, test.rfLabels, []metav1.OwnerReference{{Name: "testing"}}) - - assert.Equal(test.expected, generated) - assert.NoError(err) - }) - } -} - func TestSentinelNetworkPolicy(t *testing.T) { tests := []struct { name string From 31cb162b9146f035f7e191c43040581527e4ac9f Mon Sep 17 00:00:00 2001 
From: Artur Zheludkov Date: Wed, 7 Feb 2024 15:32:45 -0500 Subject: [PATCH 02/10] add egress rules for sentinel np --- operator/redisfailover/service/generator.go | 13 +++++++ .../redisfailover/service/generator_test.go | 39 +++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/operator/redisfailover/service/generator.go b/operator/redisfailover/service/generator.go index d0162a817..4b448a867 100644 --- a/operator/redisfailover/service/generator.go +++ b/operator/redisfailover/service/generator.go @@ -563,6 +563,19 @@ func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map Ports: ports, }, }, + Egress: []np.NetworkPolicyEgressRule{ + np.NetworkPolicyEgressRule{ + To: []np.NetworkPolicyPeer{ + np.NetworkPolicyPeer{ + NamespaceSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app.kubernetes.io/instance": namespace, + }, + }, + }, + }, + }, + }, }, } } diff --git a/operator/redisfailover/service/generator_test.go b/operator/redisfailover/service/generator_test.go index cfa80bd4b..e8f04bd5e 100644 --- a/operator/redisfailover/service/generator_test.go +++ b/operator/redisfailover/service/generator_test.go @@ -1478,6 +1478,19 @@ func TestSentinelNetworkPolicy(t *testing.T) { }, }, }, + Egress: []networkingv1.NetworkPolicyEgressRule{ + networkingv1.NetworkPolicyEgressRule{ + To: []networkingv1.NetworkPolicyPeer{ + networkingv1.NetworkPolicyPeer{ + NamespaceSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app.kubernetes.io/instance": namespace, + }, + }, + }, + }, + }, + }, }, }, }, @@ -1534,6 +1547,19 @@ func TestSentinelNetworkPolicy(t *testing.T) { }, }, }, + Egress: []networkingv1.NetworkPolicyEgressRule{ + networkingv1.NetworkPolicyEgressRule{ + To: []networkingv1.NetworkPolicyPeer{ + networkingv1.NetworkPolicyPeer{ + NamespaceSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app.kubernetes.io/instance": namespace, + }, + }, + }, + }, + }, + }, }, }, }, 
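Review bot: The `Egress` rule added to `generateSentinelNetworkPolicy` in generator.go (hunk `@@ -563,6 +563,19`) makes the policy restrict the Sentinel pods' outbound traffic, but it has no `Ports` and allows nothing for name resolution. Every port on the matched peers stays reachable, while any lookup the Sentinels make through cluster DNS would presumably be dropped unless another policy permits it. The peer also assumes the namespace carries an `app.kubernetes.io/instance` label equal to its own name, which nothing in the hunk establishes; the label Kubernetes sets itself, `kubernetes.io/metadata.name`, does not depend on that. I would limit the rule to the Redis and Sentinel ports and record the consequence next to it, e.g. `// Any egress rule makes egress default-deny for these pods; DNS must be allowed separately if Sentinels resolve hostnames.` The port and DNS point applies equally to the `PodSelector` peer PATCH 04 adds at `@@ -516,6 +518,11`; the function starts and ends outside this hunk.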
@@ -1600,6 +1626,19 @@ func TestSentinelNetworkPolicy(t *testing.T) { }, }, }, + Egress: []networkingv1.NetworkPolicyEgressRule{ + networkingv1.NetworkPolicyEgressRule{ + To: []networkingv1.NetworkPolicyPeer{ + networkingv1.NetworkPolicyPeer{ + NamespaceSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "app.kubernetes.io/instance": namespace, + }, + }, + }, + }, + }, + }, }, }, }, From 01ae991f98d59124891e3ef8086288c7fd546173 Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Wed, 7 Feb 2024 15:43:47 -0500 Subject: [PATCH 03/10] remove redis networkpolicy unused function --- operator/redisfailover/service/generator.go | 57 --------------------- 1 file changed, 57 deletions(-) diff --git a/operator/redisfailover/service/generator.go b/operator/redisfailover/service/generator.go index 4b448a867..23c2a5a52 100644 --- a/operator/redisfailover/service/generator.go +++ b/operator/redisfailover/service/generator.go 
@@ -456,63 +456,6 @@ func generateHAProxyRedisSlaveService(rf *redisfailoverv1.RedisFailover, labels } } -func generateRedisNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) *np.NetworkPolicy { - name := GetRedisNetworkPolicyName(rf) - namespace := rf.Namespace - - networkPolicyNsList := rf.Spec.NetworkPolicyNsList - - selectorLabels := generateSelectorLabels(redisRoleName, rf.Name) - labels = util.MergeLabels(labels, selectorLabels) - - metricsTargetPort := intstr.FromInt(9121) - redisTargetPort := intstr.FromInt(int(rf.Spec.Redis.Port)) - - peers := []np.NetworkPolicyPeer{} - - for _, inputPeer := range networkPolicyNsList { - - labelKey := inputPeer.MatchLabelKey - labelValue := inputPeer.MatchLabelValue - - peers = append(peers, np.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{labelKey: labelValue}, - }, - }) - } - - ports := make([]np.NetworkPolicyPort, 0) - ports = append(ports, np.NetworkPolicyPort{ - Port: &redisTargetPort, - }, np.NetworkPolicyPort{ - Port: &metricsTargetPort, - }) - - return &np.NetworkPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: namespace, - Labels: labels, - OwnerReferences: ownerRefs, - }, - Spec: np.NetworkPolicySpec{ - PodSelector: metav1.LabelSelector{ - MatchLabels: util.MergeLabels( - map[string]string{"redisfailovers.databases.spotahome.com/name": rf.Name}, - generateComponentLabel("redis"), - ), - }, - Ingress: []np.NetworkPolicyIngressRule{ - np.NetworkPolicyIngressRule{ - From: peers, - Ports: ports, - }, - }, - }, - } -} - func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map[string]string, ownerRefs []metav1.OwnerReference) *np.NetworkPolicy { name := GetSentinelNetworkPolicyName(rf) namespace := rf.Namespace From 0c2091e7d974b9e5866b58b87c9749e79e636304 Mon Sep 17 00:00:00 2001 
From: Artur Zheludkov Date: Thu, 8 Feb 2024 09:59:01 -0500 Subject: [PATCH 04/10] add podselector labels --- operator/redisfailover/service/generator.go | 9 +++++++- .../redisfailover/service/generator_test.go | 21 +++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/operator/redisfailover/service/generator.go b/operator/redisfailover/service/generator.go index 23c2a5a52..5798f28fe 100644 --- a/operator/redisfailover/service/generator.go +++ b/operator/redisfailover/service/generator.go @@ -486,6 +486,8 @@ func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map Port: &sentinelTargetPort, }) + redisfailoverLabels := map[string]string{"redisfailovers.databases.spotahome.com/name": rf.Name} + return &np.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, @@ -496,7 +498,7 @@ func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map Spec: np.NetworkPolicySpec{ PodSelector: metav1.LabelSelector{ MatchLabels: util.MergeLabels( - map[string]string{"redisfailovers.databases.spotahome.com/name": rf.Name}, + redisfailoverLabels, generateComponentLabel("sentinel"), ), }, @@ -516,6 +518,11 @@ func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map }, }, }, + np.NetworkPolicyPeer{ + PodSelector: &metav1.LabelSelector{ + MatchLabels: redisfailoverLabels, + }, + }, }, }, }, diff --git a/operator/redisfailover/service/generator_test.go b/operator/redisfailover/service/generator_test.go index e8f04bd5e..b439fffab 100644 --- a/operator/redisfailover/service/generator_test.go +++ b/operator/redisfailover/service/generator_test.go @@ -1488,6 +1488,13 @@ func TestSentinelNetworkPolicy(t *testing.T) { }, }, }, + networkingv1.NetworkPolicyPeer{ + PodSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "redisfailovers.databases.spotahome.com/name": name, + }, + }, + }, }, }, }, 
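Review bot: `redisfailoverLabels` is now passed to `util.MergeLabels` for the policy's `PodSelector` and then reused as the egress peer's `MatchLabels` (generator.go hunks `@@ -496,7 +498,7` and `@@ -516,6 +518,11`), so the egress selector is only right while `MergeLabels` returns a fresh map and never writes into its first argument; its body is not visible here. If it did mutate the map, the peer would pick up the sentinel component label and the Sentinels could no longer reach the Redis pods of their own RedisFailover. A comment at the declaration would pin the intent, e.g. `// Matches every pod of this RedisFailover (redis and sentinel); shared by two selectors, must not be mutated.` Since the peer sets no `NamespaceSelector`, it matches only pods in the policy's own namespace, which is worth saying in the same comment. The enclosing function starts and ends outside these hunks.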
@@ -1557,6 +1564,13 @@ func TestSentinelNetworkPolicy(t *testing.T) { }, }, }, + networkingv1.NetworkPolicyPeer{ + PodSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "redisfailovers.databases.spotahome.com/name": name, + }, + }, + }, }, }, }, @@ -1636,6 +1650,13 @@ func TestSentinelNetworkPolicy(t *testing.T) { }, }, }, + networkingv1.NetworkPolicyPeer{ + PodSelector: &metav1.LabelSelector{ + MatchLabels: map[string]string{ + "redisfailovers.databases.spotahome.com/name": name, + }, + }, + }, }, }, }, From e68beb6c97d650a217c74abb3ea727c70d08a5bf Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Thu, 8 Feb 2024 11:11:07 -0500 Subject: [PATCH 05/10] keep only pod-selector for egress rules --- operator/redisfailover/service/generator.go | 7 ------- .../redisfailover/service/generator_test.go | 21 ------------------- 2 files changed, 28 deletions(-) diff --git a/operator/redisfailover/service/generator.go b/operator/redisfailover/service/generator.go index 5798f28fe..cb15228e2 100644 --- a/operator/redisfailover/service/generator.go +++ b/operator/redisfailover/service/generator.go @@ -511,13 +511,6 @@ func generateSentinelNetworkPolicy(rf *redisfailoverv1.RedisFailover, labels map Egress: []np.NetworkPolicyEgressRule{ np.NetworkPolicyEgressRule{ To: []np.NetworkPolicyPeer{ - np.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, np.NetworkPolicyPeer{ PodSelector: &metav1.LabelSelector{ MatchLabels: redisfailoverLabels, diff --git a/operator/redisfailover/service/generator_test.go b/operator/redisfailover/service/generator_test.go index b439fffab..91567f75e 100644 --- a/operator/redisfailover/service/generator_test.go +++ b/operator/redisfailover/service/generator_test.go 
@@ -1481,13 +1481,6 @@ func TestSentinelNetworkPolicy(t *testing.T) { Egress: []networkingv1.NetworkPolicyEgressRule{ networkingv1.NetworkPolicyEgressRule{ To: []networkingv1.NetworkPolicyPeer{ - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, networkingv1.NetworkPolicyPeer{ PodSelector: &metav1.LabelSelector{ MatchLabels: map[string]string{ @@ -1557,13 +1550,6 @@ func TestSentinelNetworkPolicy(t *testing.T) { Egress: []networkingv1.NetworkPolicyEgressRule{ networkingv1.NetworkPolicyEgressRule{ To: []networkingv1.NetworkPolicyPeer{ - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, networkingv1.NetworkPolicyPeer{ PodSelector: &metav1.LabelSelector{ MatchLabels: map[string]string{ @@ -1643,13 +1629,6 @@ func TestSentinelNetworkPolicy(t *testing.T) { Egress: []networkingv1.NetworkPolicyEgressRule{ networkingv1.NetworkPolicyEgressRule{ To: []networkingv1.NetworkPolicyPeer{ - networkingv1.NetworkPolicyPeer{ - NamespaceSelector: &metav1.LabelSelector{ - MatchLabels: map[string]string{ - "app.kubernetes.io/instance": namespace, - }, - }, - }, networkingv1.NetworkPolicyPeer{ PodSelector: &metav1.LabelSelector{ MatchLabels: map[string]string{ From 1a1b156faea250d4447bed27ce8fb64a078471d7 Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Thu, 8 Feb 2024 11:35:28 -0500 Subject: [PATCH 06/10] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d06eecf54..e3ad8107a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,9 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator ## Unreleased +### Fixed +- [Update Redis Sentinel NetworkPolicy Rules](https://github.com/powerhome/redis-operator/pull/42). + ## [v2.0.0] - 2024-01-18 ### Added 
From fc5b073731dbe9b2c40f454f68f2745b0fec68ea Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Fri, 9 Feb 2024 08:25:22 -0500 Subject: [PATCH 07/10] Update CHANGELOG.md Co-authored-by: Aaron Kuehler --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e3ad8107a..ac0174360 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,7 +10,7 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator ## Unreleased ### Fixed -- [Update Redis Sentinel NetworkPolicy Rules](https://github.com/powerhome/redis-operator/pull/42). +- [Sentinels shoud only be allowed to talk to pods belonging to their RedisFailover Custom Resource](https://github.com/powerhome/redis-operator/pull/42). ## [v2.0.0] - 2024-01-18 From 90356094e7e6ccab4e816ee7577a932f5fcefd1e Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Fri, 9 Feb 2024 08:27:01 -0500 Subject: [PATCH 08/10] bump redis-operator version --- CHANGELOG.md | 2 ++ Makefile | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ac0174360..a21bc77fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator ## Unreleased +## [v2.0.1] - 2024-02-09 + ### Fixed - [Sentinels shoud only be allowed to talk to pods belonging to their RedisFailover Custom Resource](https://github.com/powerhome/redis-operator/pull/42). diff --git a/Makefile b/Makefile index d68a7b97a..498766eb5 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION := v2.0.0 +VERSION := v2.0.1 # Name of this service/application SERVICE_NAME := redis-operator From 002f4cab70dcaa8f321d18d6a0eb593b527debe9 Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Fri, 9 Feb 2024 09:02:00 -0500 Subject: [PATCH 09/10] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a21bc77fe..057f82a4b 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,10 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator ### Fixed - [Sentinels shoud only be allowed to talk to pods belonging to their RedisFailover Custom Resource](https://github.com/powerhome/redis-operator/pull/42). +Update notes: + +This update alters the method by which the operator creates network policies. In version v2.0.0, there were two separate network policies: one for Redis and another for Redis Sentinels. From version v2.0.1 onwards, the operator will only generate a network policy for Sentinels. It is crucial to be aware that following the upgrade to this version, the existing network policy for Redis instances will persist and must be deleted manually. + ## [v2.0.0] - 2024-01-18 ### Added From afd7454d64c203099976890303392aad2993f8ec Mon Sep 17 00:00:00 2001 From: Artur Zheludkov Date: Fri, 9 Feb 2024 09:04:13 -0500 Subject: [PATCH 10/10] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 057f82a4b..2eebb6d76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -16,7 +16,7 @@ Also check this project's [releases](https://github.com/powerhome/redis-operator Update notes: -This update alters the method by which the operator creates network policies. In version v2.0.0, there were two separate network policies: one for Redis and another for Redis Sentinels. From version v2.0.1 onwards, the operator will only generate a network policy for Sentinels. It is crucial to be aware that following the upgrade to this version, the existing network policy for Redis instances will persist and must be deleted manually. +This update modifies how the operator generates network policies. In version v2.0.0, there were two separate network policies: one for Redis and another for Redis Sentinels. From version v2.0.1 onwards, the operator will only generate a network policy for Sentinels. It is crucial to be aware that following the upgrade to this version, the existing network policy for Redis instances will persist and must be deleted manually. ## [v2.0.0] - 2024-01-18