def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace)
def fin(): print("Clean up prerequisites") delete_namespace(kube_apis.v1, namespace) if (k8sMinorVersion >= 18): print("Delete IngressClass resources:") subprocess.run([ "kubectl", "delete", "-f", f"{DEPLOYMENTS}/common/ingress-class.yaml" ]) subprocess.run([ "kubectl", "delete", "-f", f"{TEST_DATA}/ingress-class/resource/custom-ingress-class-res.yaml" ]) cleanup_rbac(kube_apis.rbac_v1, rbac)
def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) print("Remove the syslog svc:") delete_items_from_yaml(kube_apis, src_syslog_yaml, namespace)
def fin(): print("Clean up prerequisites") delete_namespace(kube_apis.v1, namespace) cleanup_rbac(kube_apis.rbac_v1_beta1, rbac)
def crd_ingress_controller_with_ap(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request) -> None: """ Create an Ingress Controller with AppProtect CRD enabled. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {extra_args: } 'extra_args' list of IC arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "--------------------Create roles and bindings for AppProtect------------------------" ) rbac = configure_rbac_with_ap(kube_apis.rbac_v1) print( "------------------------- Register AP CRD -----------------------------------" ) ap_pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml" ) ap_log_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml" ) ap_uds_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml" ) vs_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml" ) vsr_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml" ) pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml") ts_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml" ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_appolicies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_aplogconfs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/appprotect.f5.com_apusersigs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, vs_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualservers.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, vsr_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_virtualserverroutes.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, pol_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_policies.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1_beta1, ts_crd_name, f"{DEPLOYMENTS}/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml", ) print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except Exception as ex: print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1_beta1, ap_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ap_uds_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vs_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, vsr_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1_beta1, ts_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) request.addfinalizer(fin)
def crd_ingress_controller_with_dos(cli_arguments, kube_apis, ingress_controller_prerequisites, ingress_controller_endpoint, request, crds) -> None: """ Create an Ingress Controller with DOS CRDs enabled. :param crds: the common IC crds. :param cli_arguments: pytest context :param kube_apis: client apis :param ingress_controller_prerequisites :param ingress_controller_endpoint: :param request: pytest fixture to parametrize this method {extra_args: } 'extra_args' list of IC arguments :return: """ namespace = ingress_controller_prerequisites.namespace name = "nginx-ingress" try: print( "--------------------Create roles and bindings for AppProtect------------------------" ) rbac = configure_rbac_with_dos(kube_apis.rbac_v1) print( "------------------------- Register AP CRD -----------------------------------" ) dos_pol_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml") dos_log_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml" ) dos_protected_crd_name = get_name_from_yaml( f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml" ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_pol_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdospolicy.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_log_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_apdoslogconfs.yaml", ) create_crd_from_yaml( kube_apis.api_extensions_v1, dos_protected_crd_name, f"{DEPLOYMENTS}/common/crds/appprotectdos.f5.com_dosprotectedresources.yaml", ) print( "------------------------- Create syslog svc -----------------------" ) src_syslog_yaml = f"{TEST_DATA}/dos/dos-syslog.yaml" log_loc = f"/var/log/messages" create_items_from_yaml(kube_apis, src_syslog_yaml, namespace) before = time.time() wait_until_all_pods_are_ready(kube_apis.v1, namespace) after = time.time() print(f"All pods came up in {int(after-before)} seconds") print(f"syslog svc was created") print( "------------------------- Create dos arbitrator -----------------------" ) dos_arbitrator_name = create_dos_arbitrator( kube_apis.v1, kube_apis.apps_v1_api, namespace, ) print( "------------------------- Create IC -----------------------------------" ) name = create_ingress_controller( kube_apis.v1, kube_apis.apps_v1_api, cli_arguments, namespace, request.param.get("extra_args", None), ) ensure_connection_to_public_endpoint( ingress_controller_endpoint.public_ip, ingress_controller_endpoint.port, ingress_controller_endpoint.port_ssl, ) except Exception as ex: print( f"Failed to complete CRD IC fixture: {ex}\nClean up the cluster as much as possible." ) delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) pytest.fail("IC setup failed") def fin(): print("--------------Cleanup----------------") delete_crd( kube_apis.api_extensions_v1, dos_pol_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_log_crd_name, ) delete_crd( kube_apis.api_extensions_v1, dos_protected_crd_name, ) print("Remove ap-rbac") cleanup_rbac(kube_apis.rbac_v1, rbac) print("Remove dos arbitrator:") delete_dos_arbitrator(kube_apis.v1, kube_apis.apps_v1_api, dos_arbitrator_name, namespace) print("Remove the IC:") delete_ingress_controller(kube_apis.apps_v1_api, name, cli_arguments["deployment-type"], namespace) print("Remove the syslog svc:") delete_items_from_yaml(kube_apis, src_syslog_yaml, namespace) request.addfinalizer(fin)