Feature/disable networking (#72)

* feat: add check if knuu was initialized

Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com>

* feat: add networking capabilities

Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com>

* doc: add note about executor

Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com>

---------

Signed-off-by: Smuu <18609909+Smuu@users.noreply.github.com>

pkg/k8s/k8s_networkpolicy.go

@@ -0,0 +1,89 @@
+package k8s
+
+import (
+	"context"
+	"fmt"
+	v1 "k8s.io/api/networking/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"time"
+)
+
+// CreateNetworkPolicy creates a new NetworkPolicy resource.
+func CreateNetworkPolicy(namespace string, name string, selectorMap map[string]string, ingressSelectorMap map[string]string, egressSelectorMap map[string]string) error {
+	var ingress []v1.NetworkPolicyIngressRule
+	if ingressSelectorMap != nil {
+		ingress = []v1.NetworkPolicyIngressRule{
+			{
+				From: []v1.NetworkPolicyPeer{
+					{
+						PodSelector: &metav1.LabelSelector{
+							MatchLabels: ingressSelectorMap,
+						},
+					},
+				},
+			},
+		}
+	}
+
+	var egress []v1.NetworkPolicyEgressRule
+	if egressSelectorMap != nil {
+		egress = []v1.NetworkPolicyEgressRule{
+			{
+				To: []v1.NetworkPolicyPeer{
+					{
+						PodSelector: &metav1.LabelSelector{
+							MatchLabels: egressSelectorMap,
+						},
+					},
+				},
+			},
+		}
+	}
+
+	np := &v1.NetworkPolicy{
+		ObjectMeta: metav1.ObjectMeta{
+			Namespace: namespace,
+			Name:      name,
+		},
+		Spec: v1.NetworkPolicySpec{
+			PodSelector: metav1.LabelSelector{
+				MatchLabels: selectorMap,
+			},
+			PolicyTypes: []v1.PolicyType{
+				v1.PolicyTypeIngress,
+				v1.PolicyTypeEgress,
+			},
+			Ingress: ingress,
+			Egress:  egress,
+		},
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+	defer cancel()
+
+	if !IsInitialized() {
+		return fmt.Errorf("knuu is not initialized")
+	}
+	np, err := Clientset().NetworkingV1().NetworkPolicies(namespace).Create(ctx, np, metav1.CreateOptions{})
+	if err != nil {
+		return fmt.Errorf("error creating network policy %s: %w", name, err)
+	}
+
+	return nil
+}
+
+// DeleteNetworkPolicy removes a NetworkPolicy resource.
+func DeleteNetworkPolicy(namespace string, name string) error {
+	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+	defer cancel()
+
+	if !IsInitialized() {
+		return fmt.Errorf("knuu is not initialized")
+	}
+	err := Clientset().NetworkingV1().NetworkPolicies(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+	if err != nil {
+		return fmt.Errorf("error deleting network policy %s: %w", name, err)
+	}
+
+	return nil
+}

pkg/knuu/executor.go

@@ -31,6 +31,7 @@ func NewExecutor() (*Executor, error) {
 	if err != nil {
 		return nil, fmt.Errorf("error setting cpu '%v':", err)
 	}
+	instance.instanceType = ExecutorInstance
 	err = instance.Start()
 	if err != nil {
 		return nil, fmt.Errorf("error starting instance: %v", err)

pkg/knuu/instance.go

@@ -17,6 +17,7 @@ type Instance struct {
 	imageName         string
 	k8sName           string
 	state             InstanceState
+	instanceType      InstanceType
 	kubernetesService *v1.Service
 	builderFactory    *container.BuilderFactory
 	kubernetesPod     *v1.Pod
@@ -46,6 +47,7 @@ func NewInstance(name string) (*Instance, error) {
 		k8sName:       k8sName,
 		imageName:     "",
 		state:         None,
+		instanceType:  BasicInstance,
 		portsTCP:      make([]int, 0),
 		portsUDP:      make([]int, 0),
 		files:         make([]string, 0),
@@ -452,6 +454,36 @@ func (i *Instance) WaitInstanceIsRunning() error {
 	return nil
 }
 
+// DisableNetwork disables the network of the instance
+// This does not apply to executor instances
+// This function can only be called in the state 'Started'
+func (i *Instance) DisableNetwork() error {
+	if !i.IsInState(Started) {
+		return fmt.Errorf("disabling network is only allowed in state 'Started'. Current state is '%s'", i.state.String())
+	}
+	executorSelectorMap := map[string]string{
+		"type": ExecutorInstance.String(),
+	}
+	err := k8s.CreateNetworkPolicy(k8s.Namespace(), i.k8sName, i.getLabels(), executorSelectorMap, executorSelectorMap)
+	if err != nil {
+		return fmt.Errorf("error disabling network for instance '%s': %w", i.k8sName, err)
+	}
+	return nil
+}
+
+// EnableNetwork enables the network of the instance
+// This function can only be called in the state 'Started'
+func (i *Instance) EnableNetwork() error {
+	if !i.IsInState(Started) {
+		return fmt.Errorf("enabling network is only allowed in state 'Started'. Current state is '%s'", i.state.String())
+	}
+	err := k8s.DeleteNetworkPolicy(k8s.Namespace(), i.k8sName)
+	if err != nil {
+		return fmt.Errorf("error enabling network for instance '%s': %w", i.k8sName, err)
+	}
+	return nil
+}
+
 // WaitInstanceIsStopped waits until the instance is not running anymore
 // This function can only be called in the state 'Stopped'
 func (i *Instance) WaitInstanceIsStopped() error {
@@ -535,6 +567,7 @@ func (i *Instance) Clone() (*Instance, error) {
 		k8sName:           newK8sName,
 		imageName:         i.imageName,
 		state:             i.state,
+		instanceType:      i.instanceType,
 		kubernetesService: i.kubernetesService,
 		builderFactory:    i.builderFactory,
 		kubernetesPod:     i.kubernetesPod,

pkg/knuu/instance_helper.go

@@ -62,6 +62,7 @@ func (i *Instance) getLabels() map[string]string {
 		"test-started":                 startTime,
 		"name":                         i.name,
 		"k8s-name":                     i.k8sName,
+		"type":                         i.instanceType.String(),
 	}
 }
 

pkg/knuu/instance_type.go

@@ -0,0 +1,18 @@
+package knuu
+
+// InstanceType represents the type of the instance
+type InstanceType int
+
+// Possible types of the instance
+const (
+	BasicInstance InstanceType = iota
+	ExecutorInstance
+)
+
+// String returns the string representation of the type
+func (s InstanceType) String() string {
+	if s < 0 || s > 2 {
+		return "Unknown"
+	}
+	return [...]string{"BasicInstance", "ExecutorInstance"}[s]
+}