io.fabric8.kubernetes.api.model.LabelSelector Java Examples

public PersistentVolumeClaim createSourceWorkspacePvc(TektonConfig config) {
  Map<String, Quantity> requests = new HashMap<String, Quantity>() {{
      put("storage", new QuantityBuilder().withAmount(String.valueOf(config.getSourceWorkspaceClaim().getSize())).withFormat(config.getSourceWorkspaceClaim().getUnit()).build());
  }};
  LabelSelector selector = null;


  if (config.getSourceWorkspaceClaim().getMatchLabels().length != 0) {
    selector = new LabelSelectorBuilder()
      .withMatchLabels(Arrays.stream(config.getSourceWorkspaceClaim().getMatchLabels()).collect(Collectors.toMap(l -> l.getKey(), l -> l.getValue())))
      .build();
  }
  return new PersistentVolumeClaimBuilder()
    .withNewMetadata()
    .withName(sourceWorkspaceClaimName(config))
    .endMetadata()
    .withNewSpec()
    .withAccessModes(config.getSourceWorkspaceClaim().getAccessMode().name())
    .withStorageClassName(config.getSourceWorkspaceClaim().getStorageClass())
    .withNewResources().withRequests(requests).endResources()
    .withSelector(selector)
    .endSpec()
    .build();
}
 

@SuppressWarnings("unchecked")
public Future<List<T>> listAsync(String namespace, Optional<LabelSelector> selector) {
    Promise<List<T>> result = Promise.promise();
    vertx.createSharedWorkerExecutor("kubernetes-ops-tool").executeBlocking(
        future -> {
            FilterWatchListDeletable<T, L, Boolean, Watch, Watcher<T>> operation;
            if (AbstractWatchableResourceOperator.ANY_NAMESPACE.equals(namespace))  {
                operation = operation().inAnyNamespace();
            } else {
                operation = operation().inNamespace(namespace);
            }
            if (selector.isPresent()) {
                operation = operation.withLabelSelector(selector.get());
            }
            future.complete(operation.list().getItems());
        }, true, result
    );
    return result.future();
}
 

/**
 * @param vertx The Vertx instance.
 * @param certManager For managing certificates.
 * @param crdOperator For operating on Custom Resources.
 * @param labels A selector for which users in the namespace to consider as the operators
 * @param secretOperations For operating on Secrets.
 * @param scramShaCredentialOperator For operating on SCRAM SHA credentials.
 * @param kafkaUserQuotasOperator For operating on Kafka User quotas.
 * @param aclOperations For operating on ACLs.
 * @param caCertName The name of the Secret containing the clients CA certificate.
 * @param caKeyName The name of the Secret containing the clients CA private key.
 * @param caNamespace The namespace of the Secret containing the clients CA certificate and private key.
 */
public KafkaUserOperator(Vertx vertx,
                         CertManager certManager,
                         CrdOperator<KubernetesClient, KafkaUser, KafkaUserList, DoneableKafkaUser> crdOperator,
                         Labels labels,
                         SecretOperator secretOperations,
                         ScramShaCredentialsOperator scramShaCredentialOperator,
                         KafkaUserQuotasOperator kafkaUserQuotasOperator,
                         SimpleAclOperator aclOperations, String caCertName, String caKeyName, String caNamespace) {
    super(vertx, "KafkaUser", crdOperator, new MicrometerMetricsProvider());
    this.certManager = certManager;
    Map<String, String> matchLabels = labels.toMap();
    this.selector = matchLabels.isEmpty() ? Optional.empty() : Optional.of(new LabelSelector(null, matchLabels));
    this.secretOperations = secretOperations;
    this.scramShaCredentialOperator = scramShaCredentialOperator;
    this.kafkaUserQuotasOperator = kafkaUserQuotasOperator;
    this.aclOperations = aclOperations;
    this.caCertName = caCertName;
    this.caKeyName = caKeyName;
    this.caNamespace = caNamespace;
}
 

@Test(
    expectedExceptions = InfrastructureException.class,
    expectedExceptionsMessageRegExp =
        "Unable to mount secret 'test_secret': It is configured to be mount as a environment variable, but its name was not specified. Please define the 'che.eclipse.org/env-name' annotation on the secret to specify it.")
public void shouldThrowExceptionWhenNoEnvNameSpecifiedSingleValue() throws Exception {
  Container container_match = new ContainerBuilder().withName("maven").build();

  when(podSpec.getContainers()).thenReturn(ImmutableList.of(container_match));

  Secret secret =
      new SecretBuilder()
          .withData(singletonMap("foo", "random"))
          .withMetadata(
              new ObjectMetaBuilder()
                  .withName("test_secret")
                  .withAnnotations(
                      ImmutableMap.of(ANNOTATION_MOUNT_AS, "env", ANNOTATION_AUTOMOUNT, "true"))
                  .withLabels(emptyMap())
                  .build())
          .build();

  when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret));
  secretApplier.applySecret(environment, runtimeIdentity, secret);
}
 

@Test(
    expectedExceptions = InfrastructureException.class,
    expectedExceptionsMessageRegExp =
        "Unable to mount key 'foo'  of secret 'test_secret': It is configured to be mount as a environment variable, but its name was not specified. Please define the 'che.eclipse.org/foo_env-name' annotation on the secret to specify it.")
public void shouldThrowExceptionWhenNoEnvNameSpecifiedMultiValue() throws Exception {
  Container container_match = new ContainerBuilder().withName("maven").build();

  when(podSpec.getContainers()).thenReturn(ImmutableList.of(container_match));

  Secret secret =
      new SecretBuilder()
          .withData(ImmutableMap.of("foo", "random", "bar", "test"))
          .withMetadata(
              new ObjectMetaBuilder()
                  .withName("test_secret")
                  .withAnnotations(
                      ImmutableMap.of(ANNOTATION_MOUNT_AS, "env", ANNOTATION_AUTOMOUNT, "true"))
                  .withLabels(emptyMap())
                  .build())
          .build();

  when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret));
  secretApplier.applySecret(environment, runtimeIdentity, secret);
}
 

@Test(
    expectedExceptions = InfrastructureException.class,
    expectedExceptionsMessageRegExp =
        "Unable to mount secret 'test_secret': It is configured to be mounted as a file but the mount path was not specified. Please define the 'che.eclipse.org/mount-path' annotation on the secret to specify it.")
public void shouldThrowExceptionWhenNoMountPathSpecifiedForFiles() throws Exception {
  Container container_match = new ContainerBuilder().withName("maven").build();

  PodSpec localSpec =
      new PodSpecBuilder().withContainers(ImmutableList.of(container_match)).build();

  when(podData.getSpec()).thenReturn(localSpec);
  Secret secret =
      new SecretBuilder()
          .withData(ImmutableMap.of("settings.xml", "random", "another.xml", "freedom"))
          .withMetadata(
              new ObjectMetaBuilder()
                  .withName("test_secret")
                  .withAnnotations(singletonMap(ANNOTATION_MOUNT_AS, "file"))
                  .withLabels(emptyMap())
                  .build())
          .build();
  when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret));
  secretApplier.applySecret(environment, runtimeIdentity, secret);
}
 

@Test(
    expectedExceptions = InfrastructureException.class,
    expectedExceptionsMessageRegExp =
        "Unable to mount secret 'test_secret': it has missing or unknown type of the mount. Please make sure that 'che.eclipse.org/mount-as' annotation has value either 'env' or 'file'.")
public void shouldThrowExceptionWhenNoMountTypeSpecified() throws Exception {
  Secret secret =
      new SecretBuilder()
          .withData(ImmutableMap.of("settings.xml", "random", "another.xml", "freedom"))
          .withMetadata(
              new ObjectMetaBuilder()
                  .withName("test_secret")
                  .withAnnotations(emptyMap())
                  .withLabels(emptyMap())
                  .build())
          .build();
  when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret));
  provisioner.provision(environment, runtimeIdentity, namespace);
}
 

public PersistentVolumeClaim createM2WorkspacePvc(TektonConfig config) {
  Map<String, Quantity> requests = new HashMap<String, Quantity>() {{
      put("storage", new QuantityBuilder().withAmount(String.valueOf(config.getM2WorkspaceClaim().getSize())).withFormat(config.getM2WorkspaceClaim().getUnit()).build());
  }};
  LabelSelector selector = null;
  if (config.getM2WorkspaceClaim().getMatchLabels().length != 0) {
    selector = new LabelSelectorBuilder()
      .withMatchLabels(Arrays.stream(config.getM2WorkspaceClaim().getMatchLabels()).collect(Collectors.toMap(l -> l.getKey(), l -> l.getValue())))
      .build();
  }

  return new PersistentVolumeClaimBuilder()
    .withNewMetadata()
    .withName(m2WorkspaceClaimName(config))
    .endMetadata()
    .withNewSpec()
    .withAccessModes(config.getM2WorkspaceClaim().getAccessMode().name())
    .withStorageClassName(config.getM2WorkspaceClaim().getStorageClass())
    .withNewResources().withRequests(requests).endResources()
    .withSelector(selector)
    .endSpec()
    .build();
}
 

@Test
public void shouldReturnOptionalWithPodWhenPodWasNotFoundButDeploymentExists() throws Exception {
  // given
  when(podResource.get()).thenReturn(null);
  when(deploymentResource.get()).thenReturn(deployment);
  LabelSelector labelSelector = mock(LabelSelector.class);
  doReturn(labelSelector).when(deploymentSpec).getSelector();
  doReturn(ImmutableMap.of("deployment", "existing")).when(labelSelector).getMatchLabels();

  FilterWatchListDeletable filterList = mock(FilterWatchListDeletable.class);
  doReturn(filterList).when(podsNamespaceOperation).withLabels(any());
  PodList podList = mock(PodList.class);
  doReturn(singletonList(pod)).when(podList).getItems();
  doReturn(podList).when(filterList).list();

  // when
  Optional<Pod> fetchedPodOpt = kubernetesDeployments.get("existing");

  // then
  assertTrue(fetchedPodOpt.isPresent());
  verify(podsNamespaceOperation).withName("existing");
  verify(deploymentsNamespaceOperation).withName("existing");
  assertEquals(fetchedPodOpt.get(), pod);
}
 

@Test(
    expectedExceptions = InfrastructureException.class,
    expectedExceptionsMessageRegExp = "Found multiple pods in Deployment 'existing'")
public void shouldThrowExceptionWhenMultiplePodsExistsForDeploymentsOnPodFetching()
    throws Exception {
  // given
  when(podResource.get()).thenReturn(null);
  when(deploymentResource.get()).thenReturn(deployment);
  LabelSelector labelSelector = mock(LabelSelector.class);
  doReturn(labelSelector).when(deploymentSpec).getSelector();
  doReturn(ImmutableMap.of("deployment", "existing")).when(labelSelector).getMatchLabels();

  FilterWatchListDeletable filterList = mock(FilterWatchListDeletable.class);
  doReturn(filterList).when(podsNamespaceOperation).withLabels(any());
  PodList podList = mock(PodList.class);
  doReturn(asList(pod, pod)).when(podList).getItems();
  doReturn(podList).when(filterList).list();

  // when
  kubernetesDeployments.get("existing");
}
 

public void provision(E env, RuntimeIdentity runtimeIdentity, KubernetesNamespace namespace)
    throws InfrastructureException {
  LabelSelector selector = new LabelSelectorBuilder().withMatchLabels(secretLabels).build();
  for (Secret secret : namespace.secrets().get(selector)) {
    if (secret.getMetadata().getAnnotations() == null) {
      throw new InfrastructureException(
          format(
              "Unable to mount secret '%s': it has missing required annotations. Please check documentation for secret format guide.",
              secret.getMetadata().getName()));
    }
    String mountType = secret.getMetadata().getAnnotations().get(ANNOTATION_MOUNT_AS);
    if ("env".equalsIgnoreCase(mountType)) {
      environmentVariableSecretApplier.applySecret(env, runtimeIdentity, secret);
    } else if ("file".equalsIgnoreCase(mountType)) {
      fileSecretApplier.applySecret(env, runtimeIdentity, secret);
    } else {
      throw new InfrastructureException(
          format(
              "Unable to mount secret '%s': it has missing or unknown type of the mount. Please make sure that '%s' annotation has value either 'env' or 'file'.",
              secret.getMetadata().getName(), ANNOTATION_MOUNT_AS));
    }
  }
}
 

@Test
void testKafkaExporterDifferentSetting() throws InterruptedException, ExecutionException, IOException {
    LabelSelector exporterSelector = kubeClient().getDeploymentSelectors(KafkaExporterResources.deploymentName(CLUSTER_NAME));
    String runScriptContent = getExporterRunScript(kubeClient().listPods(exporterSelector).get(0).getMetadata().getName());
    assertThat("Exporter starting script has wrong setting than it's specified in CR", runScriptContent.contains("--group.filter=\".*\""));
    assertThat("Exporter starting script has wrong setting than it's specified in CR", runScriptContent.contains("--topic.filter=\".*\""));

    Map<String, String> kafkaExporterSnapshot = DeploymentUtils.depSnapshot(KafkaExporterResources.deploymentName(CLUSTER_NAME));

    KafkaResource.replaceKafkaResource(CLUSTER_NAME, k -> {
        k.getSpec().getKafkaExporter().setGroupRegex("my-group.*");
        k.getSpec().getKafkaExporter().setTopicRegex(TOPIC_NAME);
    });

    DeploymentUtils.waitTillDepHasRolled(KafkaExporterResources.deploymentName(CLUSTER_NAME), 1, kafkaExporterSnapshot);

    runScriptContent = getExporterRunScript(kubeClient().listPods(exporterSelector).get(0).getMetadata().getName());
    assertThat("Exporter starting script has wrong setting than it's specified in CR", runScriptContent.contains("--group.filter=\"my-group.*\""));
    assertThat("Exporter starting script has wrong setting than it's specified in CR", runScriptContent.contains("--topic.filter=\"" + TOPIC_NAME + "\""));
}
 

/**
 * Method to check that all pods for expected DeploymentConfig were rolled
 * @param name DeploymentConfig name
 * @param snapshot Snapshot of pods for DeploymentConfig before the rolling update
 * @return true when the pods for DeploymentConfig are recreated
 */
public static boolean depConfigHasRolled(String name, Map<String, String> snapshot) {
    LOGGER.debug("Existing snapshot: {}", new TreeMap<>(snapshot));
    LabelSelector selector = new LabelSelectorBuilder().addToMatchLabels(kubeClient().getDeploymentConfigSelectors(name)).build();
    Map<String, String> map = PodUtils.podSnapshot(selector);
    LOGGER.debug("Current  snapshot: {}", new TreeMap<>(map));
    int current = map.size();
    map.keySet().retainAll(snapshot.keySet());
    if (current == snapshot.size() && map.isEmpty()) {
        LOGGER.info("All pods seem to have rolled");
        return true;
    } else {
        LOGGER.debug("Some pods still need to roll: {}", map);
        return false;
    }
}
 

private String getPortForwardUrl(final Set<HasMetadata> resources) throws JKubeServiceException {
    LabelSelector selector = KubernetesResourceUtil.getPodLabelSelector(resources);
    if (selector == null) {
        log.warn("Unable to determine a selector for application pods");
        return null;
    }

    Properties properties = SpringBootUtil.getSpringBootApplicationProperties(
        JKubeProjectUtil.getClassLoader(getContext().getBuildContext().getProject()));
    SpringBootConfigurationHelper propertyHelper = new SpringBootConfigurationHelper(
        SpringBootUtil.getSpringBootVersion(getContext().getBuildContext().getProject()));

    int port = IoUtil.getFreeRandomPort();
    int containerPort = propertyHelper.getServerPort(properties);
    portForwardService.forwardPortAsync(getContext().getLogger(), selector, containerPort, port);

    return createForwardUrl(propertyHelper, properties, port);
}
 

public static LabelSelector getPodLabelSelector(Set<HasMetadata> entities) {
    LabelSelector chosenSelector = null;
    for (HasMetadata entity : entities) {
        LabelSelector selector = getPodLabelSelector(entity);
        if (selector != null) {
            if (chosenSelector != null && !chosenSelector.equals(selector)) {
                throw new IllegalArgumentException("Multiple selectors found for the given entities: " + chosenSelector + " - " + selector);
            }
            chosenSelector = selector;
        }
    }
    return chosenSelector;
}
 

public static FilterWatchListDeletable<Pod, PodList, Boolean, Watch, Watcher<Pod>> withSelector(NonNamespaceOperation<Pod, PodList, DoneablePod, PodResource<Pod, DoneablePod>> pods, LabelSelector selector, KitLogger log) {
    FilterWatchListDeletable<Pod, PodList, Boolean, Watch, Watcher<Pod>> answer = pods;
    Map<String, String> matchLabels = selector.getMatchLabels();
    if (matchLabels != null && !matchLabels.isEmpty()) {
        answer = answer.withLabels(matchLabels);
    }
    List<LabelSelectorRequirement> matchExpressions = selector.getMatchExpressions();
    if (matchExpressions != null) {
        for (LabelSelectorRequirement expression : matchExpressions) {
            String key = expression.getKey();
            List<String> values = expression.getValues();
            if (StringUtils.isBlank(key)) {
                log.warn("Ignoring empty key in selector expression %s", expression);
                continue;
            }
            if (values == null || values.isEmpty()) {
                log.warn("Ignoring empty values in selector expression %s", expression);
                continue;
            }
            String[] valuesArray = values.toArray(new String[values.size()]);
            String operator = expression.getOperator();
            switch (operator) {
            case "In":
                answer = answer.withLabelIn(key, valuesArray);
                break;
            case "NotIn":
                answer = answer.withLabelNotIn(key, valuesArray);
                break;
            default:
                log.warn("Ignoring unknown operator %s in selector expression %s", operator, expression);
            }
        }
    }
    return answer;
}
 

@Test
public void shouldProvisionAllContainersIfAutomountEnabled() throws Exception {
  Container container_match1 = new ContainerBuilder().withName("maven").build();
  Container container_match2 = new ContainerBuilder().withName("other").build();

  when(podSpec.getContainers()).thenReturn(ImmutableList.of(container_match1, container_match2));

  Secret secret =
      new SecretBuilder()
          .withData(singletonMap("foo", "random"))
          .withMetadata(
              new ObjectMetaBuilder()
                  .withName("test_secret")
                  .withAnnotations(
                      ImmutableMap.of(
                          ANNOTATION_ENV_NAME, "MY_FOO",
                          ANNOTATION_MOUNT_AS, "env",
                          ANNOTATION_AUTOMOUNT, "true"))
                  .withLabels(emptyMap())
                  .build())
          .build();

  when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret));
  secretApplier.applySecret(environment, runtimeIdentity, secret);

  // both containers has env set
  assertEquals(container_match1.getEnv().size(), 1);
  EnvVar var = container_match1.getEnv().get(0);
  assertEquals(var.getName(), "MY_FOO");
  assertEquals(var.getValueFrom().getSecretKeyRef().getName(), "test_secret");
  assertEquals(var.getValueFrom().getSecretKeyRef().getKey(), "foo");

  assertEquals(container_match2.getEnv().size(), 1);
  EnvVar var2 = container_match2.getEnv().get(0);
  assertEquals(var2.getName(), "MY_FOO");
  assertEquals(var2.getValueFrom().getSecretKeyRef().getName(), "test_secret");
  assertEquals(var2.getValueFrom().getSecretKeyRef().getKey(), "foo");
}
 

private Pod getNewestPod(LabelSelector selector) {
    FilterWatchListDeletable<Pod, PodList, Boolean, Watch, Watcher<Pod>> pods =
            KubernetesHelper.withSelector(kubernetes.pods(), selector, log);

    PodList list = pods.list();
    if (list != null) {
        List<Pod> items = list.getItems();
        return getNewestPod(items);
    }
    return null;
}
 

private DeploymentConfigSpec getDeploymentConfigSpec(Integer replicas, Integer revisionHistoryLimit, LabelSelector selector, PodTemplateSpec podTemplateSpec, String strategyType) {
    DeploymentConfigSpecBuilder specBuilder = new DeploymentConfigSpecBuilder();
    if (replicas != null) {
        specBuilder.withReplicas(replicas);
    }
    if (revisionHistoryLimit != null) {
        specBuilder.withRevisionHistoryLimit(revisionHistoryLimit);
    }

    if (selector  != null) {
        Map<String, String> matchLabels = selector.getMatchLabels();
        if (matchLabels != null && !matchLabels.isEmpty()) {
            specBuilder.withSelector(matchLabels);
        }
    }
    if (podTemplateSpec != null) {
        specBuilder.withTemplate(podTemplateSpec);
        PodSpec podSpec = podTemplateSpec.getSpec();
        Objects.requireNonNull(podSpec, "No PodSpec for PodTemplate:" + podTemplateSpec);
        Objects.requireNonNull(podSpec, "No containers for PodTemplate.spec: " + podTemplateSpec);
    }
    DeploymentStrategy deploymentStrategy = getDeploymentStrategy(strategyType);
    if (deploymentStrategy != null) {
        specBuilder.withStrategy(deploymentStrategy);
    }

    if(enableAutomaticTrigger.equals(Boolean.TRUE)) {
        specBuilder.addNewTrigger().withType("ConfigChange").endTrigger();
    }

    return specBuilder.build();
}
 

public static FilterWatchListDeletable<Pod, PodList, Boolean, Watch, Watcher<Pod>> withSelector(NonNamespaceOperation<Pod, PodList, DoneablePod, PodResource<Pod, DoneablePod>> pods, LabelSelector selector, KitLogger log) {
    FilterWatchListDeletable<Pod, PodList, Boolean, Watch, Watcher<Pod>> answer = pods;
    Map<String, String> matchLabels = selector.getMatchLabels();
    if (matchLabels != null && !matchLabels.isEmpty()) {
        answer = answer.withLabels(matchLabels);
    }
    List<LabelSelectorRequirement> matchExpressions = selector.getMatchExpressions();
    if (matchExpressions != null) {
        for (LabelSelectorRequirement expression : matchExpressions) {
            String key = expression.getKey();
            List<String> values = expression.getValues();
            if (StringUtils.isBlank(key)) {
                log.warn("Ignoring empty key in selector expression %s", expression);
                continue;
            }
            if (values == null || values.isEmpty()) {
                log.warn("Ignoring empty values in selector expression %s", expression);
                continue;
            }
            String[] valuesArray = values.toArray(new String[values.size()]);
            String operator = expression.getOperator();
            switch (operator) {
                case "In":
                    answer = answer.withLabelIn(key, valuesArray);
                    break;
                case "NotIn":
                    answer = answer.withLabelNotIn(key, valuesArray);
                    break;
                default:
                    log.warn("Ignoring unknown operator %s in selector expression %s", operator, expression);
            }
        }
    }
    return answer;
}
 

@Override
public FilterWatchListDeletable<T, L, Boolean, Watch, Watcher<T>> withLabelSelector(LabelSelector selector) {
  Map<String, String> matchLabels = selector.getMatchLabels();
  if (matchLabels != null) {
    this.labels.putAll(matchLabels);
  }
  List<LabelSelectorRequirement> matchExpressions = selector.getMatchExpressions();
  if (matchExpressions != null) {
    for (LabelSelectorRequirement req : matchExpressions) {
      String operator = req.getOperator();
      String key = req.getKey();
      switch (operator) {
        case "In":
          withLabelIn(key, req.getValues().toArray(new String[]{}));
          break;
        case "NotIn":
          withLabelNotIn(key, req.getValues().toArray(new String[]{}));
          break;
        case "DoesNotExist":
          withoutLabel(key);
          break;
        case "Exists":
          withLabel(key);
          break;
        default:
          throw new IllegalArgumentException("Unsupported operator: " + operator);
      }
    }
  }
  return this;
}
 

@Test
public void testPodAntiAffinityGlobalProperty() {
	AppDefinition definition = new AppDefinition("app-test", null);
	AppDeploymentRequest appDeploymentRequest = new AppDeploymentRequest(definition, getResource(), null);

	KubernetesDeployerProperties kubernetesDeployerProperties = new KubernetesDeployerProperties();

	LabelSelector labelSelector = new LabelSelector();
	labelSelector.setMatchExpressions(Arrays.asList(new LabelSelectorRequirementBuilder()
			.withKey("app")
			.withOperator("In")
			.withValues("store")
			.build()));
	PodAffinityTerm podAffinityTerm = new PodAffinityTerm(labelSelector, null, "kubernetes.io/hostname");
	LabelSelector labelSelector2 = new LabelSelector();
	labelSelector2.setMatchExpressions(Arrays.asList(new LabelSelectorRequirementBuilder()
			.withKey("security")
			.withOperator("In")
			.withValues("s2")
			.build()));
	PodAffinityTerm podAffinityTerm2 = new PodAffinityTerm(labelSelector2, null, "failure-domain.beta.kubernetes.io/zone");
	WeightedPodAffinityTerm weightedPodAffinityTerm = new WeightedPodAffinityTerm(podAffinityTerm2, 100);
	PodAntiAffinity podAntiAffinity = new AffinityBuilder()
			.withNewPodAntiAffinity()
			.withRequiredDuringSchedulingIgnoredDuringExecution(podAffinityTerm)
			.withPreferredDuringSchedulingIgnoredDuringExecution(weightedPodAffinityTerm)
			.endPodAntiAffinity()
			.buildPodAntiAffinity();

	kubernetesDeployerProperties.setPodAntiAffinity(podAntiAffinity);

	deployer = new KubernetesAppDeployer(kubernetesDeployerProperties, null);
	PodSpec podSpec = deployer.createPodSpec(appDeploymentRequest);

	PodAntiAffinity podAntiAffinityTest = podSpec.getAffinity().getPodAntiAffinity();
	assertNotNull("Pod anti-affinity should not be null", podAntiAffinityTest);
	assertNotNull("RequiredDuringSchedulingIgnoredDuringExecution should not be null", podAntiAffinityTest.getRequiredDuringSchedulingIgnoredDuringExecution());
	assertEquals("PreferredDuringSchedulingIgnoredDuringExecution should have one element", 1, podAntiAffinityTest.getPreferredDuringSchedulingIgnoredDuringExecution().size());
}
 

public Watch watch(String namespace, Optional<LabelSelector> selector, Watcher<T> watcher) {
    FilterWatchListDeletable<T, L, Boolean, Watch, Watcher<T>> operation
            = ANY_NAMESPACE.equals(namespace) ? operation().inAnyNamespace() : operation().inNamespace(namespace);
    if (selector.isPresent()) {
        operation = operation.withLabelSelector(selector.get());
    }
    return operation.watch(watcher);
}
 

@Test
public void shouldProvisionSingleEnvVariable() throws Exception {
  Container container_match = new ContainerBuilder().withName("maven").build();
  Container container_unmatch = spy(new ContainerBuilder().withName("other").build());

  when(podSpec.getContainers()).thenReturn(ImmutableList.of(container_match, container_unmatch));

  Secret secret =
      new SecretBuilder()
          .withData(singletonMap("foo", "random"))
          .withMetadata(
              new ObjectMetaBuilder()
                  .withName("test_secret")
                  .withAnnotations(
                      ImmutableMap.of(
                          ANNOTATION_ENV_NAME,
                          "MY_FOO",
                          ANNOTATION_MOUNT_AS,
                          "env",
                          ANNOTATION_AUTOMOUNT,
                          "true"))
                  .withLabels(emptyMap())
                  .build())
          .build();

  when(secrets.get(any(LabelSelector.class))).thenReturn(singletonList(secret));
  secretApplier.applySecret(environment, runtimeIdentity, secret);

  // container has env set
  assertEquals(container_match.getEnv().size(), 1);
  EnvVar var = container_match.getEnv().get(0);
  assertEquals(var.getName(), "MY_FOO");
  assertEquals(var.getValueFrom().getSecretKeyRef().getName(), "test_secret");
  assertEquals(var.getValueFrom().getSecretKeyRef().getKey(), "foo");
}
 

@Test
public void testRevertingImmutableFields()   {
    PersistentVolumeClaim desired = new PersistentVolumeClaimBuilder()
            .withNewMetadata()
                .withName("my-pvc")
                .withNamespace("my-namespace")
            .endMetadata()
            .withNewSpec()
                .withNewResources()
                    .withRequests(Collections.singletonMap("storage", new Quantity("100", null)))
                .endResources()
            .endSpec()
            .build();

    PersistentVolumeClaim current = new PersistentVolumeClaimBuilder()
            .withNewMetadata()
                .withName("my-pvc")
                .withNamespace("my-namespace")
            .endMetadata()
            .withNewSpec()
                .withAccessModes("ReadWriteOnce")
                .withNewResources()
                    .withRequests(Collections.singletonMap("storage", new Quantity("10", null)))
                .endResources()
                .withStorageClassName("my-storage-class")
                .withSelector(new LabelSelector(null, Collections.singletonMap("key", "label")))
                .withVolumeName("pvc-ce9ebf52-435a-11e9-8fbc-06b5ff7c7748")
            .endSpec()
            .build();

    PvcOperator op = createResourceOperations(vertx, mock(KubernetesClient.class));
    op.revertImmutableChanges(current, desired);

    assertThat(current.getSpec().getStorageClassName(), is(desired.getSpec().getStorageClassName()));
    assertThat(current.getSpec().getAccessModes(), is(desired.getSpec().getAccessModes()));
    assertThat(current.getSpec().getSelector(), is(desired.getSpec().getSelector()));
    assertThat(current.getSpec().getVolumeName(), is(desired.getSpec().getVolumeName()));
}
 

/**
 * Finds secrets matching specified label selector.
 *
 * @param labelSelector selector to filter secrets
 * @return matched secrets list
 * @throws InfrastructureException when any exception occurs
 */
public List<Secret> get(LabelSelector labelSelector) throws InfrastructureException {
  try {
    return clientFactory
        .create(workspaceId)
        .secrets()
        .inNamespace(namespace)
        .withLabelSelector(labelSelector)
        .list()
        .getItems();
  } catch (KubernetesClientException e) {
    throw new KubernetesInfrastructureException(e);
  }
}
 

@Test
void testClusterOperatorFinishAllRollingUpdates() {
    KafkaResource.kafkaPersistent(CLUSTER_NAME, 3, 3).done();

    Map<String, String> kafkaPods = StatefulSetUtils.ssSnapshot(KafkaResources.kafkaStatefulSetName(CLUSTER_NAME));
    Map<String, String> zkPods = StatefulSetUtils.ssSnapshot(KafkaResources.zookeeperStatefulSetName(CLUSTER_NAME));

    // Metrics enabling should trigger rolling update
    KafkaResource.replaceKafkaResource(CLUSTER_NAME, kafka -> {
        kafka.getSpec().getKafka().setMetrics(singletonMap("something", "changed"));
        kafka.getSpec().getZookeeper().setMetrics(singletonMap("something", "changed"));
    });

    TestUtils.waitFor("rolling update starts", Constants.GLOBAL_POLL_INTERVAL, Constants.GLOBAL_STATUS_TIMEOUT,
        () -> kubeClient().listPods().stream().filter(pod -> pod.getStatus().getPhase().equals("Running"))
                .map(pod -> pod.getStatus().getPhase()).collect(Collectors.toList()).size() < kubeClient().listPods().size());

    LabelSelector coLabelSelector = kubeClient().getDeployment(ResourceManager.getCoDeploymentName()).getSpec().getSelector();
    LOGGER.info("Deleting Cluster Operator pod with labels {}", coLabelSelector);
    kubeClient().deletePod(coLabelSelector);
    LOGGER.info("Cluster Operator pod deleted");

    StatefulSetUtils.waitTillSsHasRolled(KafkaResources.zookeeperStatefulSetName(CLUSTER_NAME), 3, zkPods);

    TestUtils.waitFor("rolling update starts", Constants.GLOBAL_POLL_INTERVAL, Constants.GLOBAL_STATUS_TIMEOUT,
        () -> kubeClient().listPods().stream().map(pod -> pod.getStatus().getPhase()).collect(Collectors.toList()).contains("Pending"));

    LOGGER.info("Deleting Cluster Operator pod with labels {}", coLabelSelector);
    kubeClient().deletePod(coLabelSelector);
    LOGGER.info("Cluster Operator pod deleted");

    StatefulSetUtils.waitTillSsHasRolled(KafkaResources.kafkaStatefulSetName(CLUSTER_NAME), 3, kafkaPods);
}
 

/**
 * Wait until the given DeploymentConfig is ready.
 * @param depConfigName The name of the DeploymentConfig.
 */
public static Map<String, String> waitForDeploymentConfigAndPodsReady(String depConfigName, int expectPods) {
    waitForDeploymentConfigReady(depConfigName);

    LOGGER.info("Waiting for Pod(s) of DeploymentConfig {} to be ready", depConfigName);

    LabelSelector deploymentConfigSelector =
        new LabelSelectorBuilder().addToMatchLabels(kubeClient().getDeploymentConfigSelectors(depConfigName)).build();

    PodUtils.waitForPodsReady(deploymentConfigSelector, expectPods, true);
    LOGGER.info("DeploymentConfig {} is ready", depConfigName);

    return depConfigSnapshot(depConfigName);
}
 

/**
 * Collect metrics from all pods with specific selector
 * @param labelSelector pod selector
 * @param port port where metrics are exposed
 * @param metricsPath additional path where metrics are available
 * @return map with metrics {podName, metrics}
 */
public static HashMap<String, String> collectMetricsFromPods(LabelSelector labelSelector, int port, String metricsPath) {
    HashMap<String, String> map = new HashMap<>();
    kubeClient().listPods(labelSelector).forEach(p -> {
        try {
            map.put(p.getMetadata().getName(), collectMetrics(p.getMetadata().getName(), port, metricsPath));
        } catch (InterruptedException | ExecutionException | IOException e) {
            throw new RuntimeException(e);
        }
    });
    return  map;
}
 

/**
 * Returns a map of resource name to resource version for all the pods in the given {@code namespace}
 * matching the given {@code selector}.
 */
public static Map<String, String> podSnapshot(LabelSelector selector) {
    List<Pod> pods = kubeClient().listPods(selector);
    return pods.stream()
        .collect(
            Collectors.toMap(pod -> pod.getMetadata().getName(),
                pod -> pod.getMetadata().getUid()));
}