diff options
Diffstat (limited to 'lib/gitlab/kubernetes/network_policy.rb')
-rw-r--r-- | lib/gitlab/kubernetes/network_policy.rb | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/lib/gitlab/kubernetes/network_policy.rb b/lib/gitlab/kubernetes/network_policy.rb index ea25d81cbd2..dc13a614551 100644 --- a/lib/gitlab/kubernetes/network_policy.rb +++ b/lib/gitlab/kubernetes/network_policy.rb @@ -3,9 +3,12 @@ module Gitlab module Kubernetes class NetworkPolicy - def initialize(name:, namespace:, pod_selector:, ingress:, creation_timestamp: nil, policy_types: ["Ingress"], egress: nil) + DISABLED_BY_LABEL = :'network-policy.gitlab.com/disabled_by' + + def initialize(name:, namespace:, pod_selector:, ingress:, labels: nil, creation_timestamp: nil, policy_types: ["Ingress"], egress: nil) @name = name @namespace = namespace + @labels = labels @creation_timestamp = creation_timestamp @pod_selector = pod_selector @policy_types = policy_types @@ -24,6 +27,7 @@ module Gitlab self.new( name: metadata[:name], namespace: metadata[:namespace], + labels: metadata[:labels], pod_selector: spec[:podSelector], policy_types: spec[:policyTypes], ingress: spec[:ingress], @@ -42,6 +46,7 @@ module Gitlab self.new( name: metadata[:name], namespace: metadata[:namespace], + labels: metadata[:labels]&.to_h, creation_timestamp: metadata[:creationTimestamp], pod_selector: spec[:podSelector], policy_types: spec[:policyTypes], @@ -62,16 +67,48 @@ module Gitlab name: name, namespace: namespace, creation_timestamp: creation_timestamp, - manifest: manifest + manifest: manifest, + is_autodevops: autodevops?, + is_enabled: enabled? } end + def autodevops? + return false unless labels + + !labels[:chart].nil? && labels[:chart].start_with?('auto-deploy-app-') + end + + # podSelector selects pods that should be targeted by this + # policy. We can narrow selection by requiring this policy to + # match our custom labels. Since DISABLED_BY label will not be + # on any pod a policy will be effectively disabled. + def enabled? + return true unless pod_selector&.key?(:matchLabels) + + !pod_selector[:matchLabels]&.key?(DISABLED_BY_LABEL) + end + + def enable + return if enabled? + + pod_selector[:matchLabels].delete(DISABLED_BY_LABEL) + end + + def disable + @pod_selector ||= {} + pod_selector[:matchLabels] ||= {} + pod_selector[:matchLabels].merge!(DISABLED_BY_LABEL => 'gitlab') + end + private - attr_reader :name, :namespace, :creation_timestamp, :pod_selector, :policy_types, :ingress, :egress + attr_reader :name, :namespace, :labels, :creation_timestamp, :pod_selector, :policy_types, :ingress, :egress def metadata - { name: name, namespace: namespace } + meta = { name: name, namespace: namespace } + meta[:labels] = labels if labels + meta end def spec |