Skip setting hostPort in Aerospike container for podOnly network and …

…multiPodPerHost: false

internal/controller/cluster/statefulset.go

@@ -89,9 +89,10 @@ func (r *SingleClusterReconciler) createSTS(
 
 	r.Log.Info("Create statefulset for AerospikeCluster", "size", replicas)
 
-	ports := getSTSContainerPort(
+	ports := GetSTSContainerPort(
 		r.aeroCluster.Spec.PodSpec.MultiPodPerHost,
 		r.aeroCluster.Spec.AerospikeConfig,
+		&r.aeroCluster.Spec.AerospikeNetworkPolicy,
 	)
 
 	operatorDefinedLabels := utils.LabelsForAerospikeClusterRack(
@@ -605,9 +606,10 @@ func (r *SingleClusterReconciler) updateSTSStorage(
 func (r *SingleClusterReconciler) updateSTSPorts(
 	st *appsv1.StatefulSet,
 ) {
-	ports := getSTSContainerPort(
+	ports := GetSTSContainerPort(
 		r.aeroCluster.Spec.PodSpec.MultiPodPerHost,
 		r.aeroCluster.Spec.AerospikeConfig,
+		&r.aeroCluster.Spec.AerospikeNetworkPolicy,
 	)
 
 	st.Spec.Template.Spec.Containers[0].Ports = ports
@@ -1538,11 +1540,16 @@ func addVolumeDeviceInContainer(
 	}
 }
 
-func getSTSContainerPort(
-	multiPodPerHost *bool, aeroConf *asdbv1.AerospikeConfigSpec,
+func GetSTSContainerPort(
+	multiPodPerHost *bool, aeroConf *asdbv1.AerospikeConfigSpec, aeroNetworkPolicy *asdbv1.AerospikeNetworkPolicy,
 ) []corev1.ContainerPort {
 	ports := make([]corev1.ContainerPort, 0, len(defaultContainerPorts))
 	portNames := make([]string, 0, len(defaultContainerPorts))
+	aerospikeNetworkTypePod := asdbv1.AerospikeNetworkTypePod
+	podOnlyNetwork := (aeroNetworkPolicy.AccessType == aerospikeNetworkTypePod &&
+		aeroNetworkPolicy.AlternateAccessType == aerospikeNetworkTypePod)
+	tlsPodOnlyNetwork := (aeroNetworkPolicy.TLSAccessType == aerospikeNetworkTypePod &&
+		aeroNetworkPolicy.TLSAlternateAccessType == aerospikeNetworkTypePod)
 
 	// Sorting defaultContainerPorts to fetch map in ordered manner.
 	// Helps reduce unnecessary sts object updates.
@@ -1567,11 +1574,12 @@ func getSTSContainerPort(
 			ContainerPort: int32(*configPort),
 		}
 		// Single pod per host. Enable hostPort setting
+		// when pod only network is not defined.
 		// The hostPort setting applies to the Kubernetes containers.
 		// The container port will be exposed to the external network at <hostIP>:<hostPort>,
 		// where the hostIP is the IP address of the Kubernetes node where
 		// the container is running and the hostPort is the port requested by the user
-		if !asdbv1.GetBool(multiPodPerHost) && portInfo.exposedOnHost {
+		if !asdbv1.GetBool(multiPodPerHost) && portInfo.exposedOnHost && !podOnlyNetwork && !tlsPodOnlyNetwork {
 			containerPort.HostPort = containerPort.ContainerPort
 		}
 

test/cluster/network_policy_test.go

@@ -708,6 +708,29 @@ func doTestNetworkPolicy(
 		},
 	)
 
+	It("OnlyPodNetwork: should not set the hostport in pod only network"+
+		"and multiPodPerHost is false", func() {
+		clusterNamespacedName := getNamespacedName(
+			"pod-network-cluster", test.MultiClusterNs1)
+
+		networkPolicy := asdbv1.AerospikeNetworkPolicy{
+			AccessType:             asdbv1.AerospikeNetworkTypePod,
+			AlternateAccessType:    asdbv1.AerospikeNetworkTypePod,
+			TLSAccessType:          asdbv1.AerospikeNetworkTypePod,
+			TLSAlternateAccessType: asdbv1.AerospikeNetworkTypePod,
+		}
+
+		aeroCluster = getAerospikeClusterSpecWithNetworkPolicy(
+			clusterNamespacedName, &networkPolicy, multiPodPerHost,
+			enableTLS,
+		)
+		ports := aerospikecluster.GetSTSContainerPort(aeroCluster.Spec.PodSpec.MultiPodPerHost,
+			aeroCluster.Spec.AerospikeConfig, &aeroCluster.Spec.AerospikeNetworkPolicy)
+
+		for _, port := range ports {
+			Expect(port.HostPort).To(BeZero())
+		}
+	})
 	// test-case valid only for multiPodPerHost true
 	if multiPodPerHost {
 		It("OnlyPodNetwork: should create cluster without nodePort service", func() {