def _get_network_policy_spec(self, spec):
    ''' Return V1beta1NetworkPolicySpec built from a plain ``spec`` mapping.

    Keys read from ``spec``:
      pod_selector -- required (KeyError when absent); expanded as keyword
                      arguments into ``self._get_label_selector``.
      ingress      -- optional list of rule mappings; each rule's ``from``
                      and ``ports`` entries are converted by the peer-list
                      and port-list helpers.
      egress       -- optional list of rule mappings; each rule's ``to``
                      and ``egress_ports`` entries are converted likewise.
      policy_types -- optional; handed to the spec unchanged (None if absent).
    '''
    policy_types = spec.get('policy_types', None)
    # The selector is resolved before any rule, so a missing 'pod_selector'
    # fails fast, before the rule helpers are invoked.
    selector = self._get_label_selector(**spec['pod_selector'])

    ingress = [
        client.V1beta1NetworkPolicyIngressRule(
            _from=self._get_network_policy_peer_list(
                rule_list=entry.get('from', [])),
            ports=self._get_network_policy_port_list(entry.get('ports', [])))
        for entry in spec.get('ingress', [])
    ]

    # NOTE(review): egress rules take their ports from 'egress_ports', while
    # ingress rules use 'ports'. An egress rule written with 'ports' would be
    # built from an empty port list -- presumably leaving that rule without a
    # port restriction. Confirm the key name is intentional.
    egress = [
        client.V1beta1NetworkPolicyEgressRule(
            to=self._get_network_policy_peer_list(
                rule_list=entry.get('to', [])),
            ports=self._get_network_policy_port_list(
                entry.get('egress_ports', [])))
        for entry in spec.get('egress', [])
    ]

    # Absent 'ingress'/'egress' keys reach the spec as empty lists, not None.
    return client.V1beta1NetworkPolicySpec(
        ingress=ingress,
        egress=egress,
        pod_selector=selector,
        policy_types=policy_types)
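def whitelist(policy_name, event_name):
    '''Ensure an ingress allow-list NetworkPolicy exists in a namespace.

    ``event_name`` is used as the namespace and ``policy_name`` as the
    policy's name. The policy body admits ingress from two kinds of peer:
    namespaces labelled ``name=kube-system``, and pods matched by an empty
    pod selector (in NetworkPolicy semantics, every pod in the policy's own
    namespace). The namespace peer matches on the label alone, so any
    namespace carrying ``name=kube-system`` is admitted.

    The call is best-effort and returns None: a failed create is reported on
    stdout and not raised. An existing policy of the same name is left
    untouched; its contents are not compared with the body built here.
    '''
    allowed_peers = [
        client.V1beta1NetworkPolicyPeer(
            namespace_selector=client.V1LabelSelector(
                match_labels={'name': 'kube-system'})),
        client.V1beta1NetworkPolicyPeer(
            pod_selector=client.V1LabelSelector(match_labels={})),
    ]
    # NOTE(review): metadata/spec are a plain dict with snake_case keys, while
    # the rule is a client model object. Confirm the client serialises
    # 'pod_selector'/'match_labels' to the API's field names.
    policy = {
        'metadata': {'name': policy_name},
        'spec': {
            'pod_selector': {'match_labels': {}},
            'ingress': [
                client.V1beta1NetworkPolicyIngressRule(_from=allowed_peers),
            ],
        },
    }

    try:
        kubernetesbetav1.read_namespaced_network_policy(
            policy_name, event_name)
    except Exception:
        # Any read failure (not only "not found") leads to a create attempt,
        # which errs on the side of trying to install the policy.
        try:
            kubernetesbetav1.create_namespaced_network_policy(
                event_name, policy)
        except Exception as err:
            # Report the cause: without it an RBAC denial, a conflict and a
            # transport error all look the same, and the namespace is left
            # without this policy.
            print('Failed creating network policy in namespace %s: %s'
                  % (event_name, err))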
def V1beta1NetworkPolicyIngressRule(_from=None, ports=None):
    '''Build and return a ``client.V1beta1NetworkPolicyIngressRule``.

    ``_from`` (peers) and ``ports`` are forwarded unchanged as keyword
    arguments. Both default to None; in NetworkPolicy semantics a rule with
    no peers matches all sources and a rule with no ports matches all ports,
    so calling this with the defaults describes an allow-all ingress rule.
    '''
    return client.V1beta1NetworkPolicyIngressRule(_from=_from, ports=ports)