From 672c021661acce7ae04fbc07d6f2b18a2450580a Mon Sep 17 00:00:00 2001
From: Hongliang Liu
Date: Fri, 29 Mar 2024 17:55:49 +0800
Subject: [PATCH] Fix NodeNetworkPolicy e2e test failure
In NodeNetworkPolicy e2e tests, we have the following cases: - Node to Node. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For the case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR #4537.
Signed-off-by: Hongliang Liu
---
 test/e2e/nodenetworkpolicy_test.go | 42 +++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 10 deletions(-)
diff --git a/test/e2e/nodenetworkpolicy_test.go b/test/e2e/nodenetworkpolicy_test.go
index 5564fd37329..9943a2b5324 100644
--- a/test/e2e/nodenetworkpolicy_test.go
+++ b/test/e2e/nodenetworkpolicy_test.go
@@ -29,7 +29,7 @@ import (
 const labelNodeHostname = "kubernetes.io/hostname"
-func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetworkPod bool) {
+func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, testNodeToNode bool) {
 p80 = 80
 p81 = 81
 p8080 = 8080
@@ -39,22 +39,42 @@ func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetwo
 podsPerNamespace = []string{"a"}
 suffix := randName("")
 namespaces = make(map[string]TestNamespaceMeta)
- for _, ns := range []string{"x", "y", "z"} {
- namespaces[ns] = TestNamespaceMeta{
- Name: ns + "-" + suffix,
- }
- }
 nodes = make(map[string]string)
- nodes["x"] = controlPlaneNodeName()
- nodes["y"] = workerNodeName(1)
 hostNetworks := make(map[string]bool)
+
+ // Deploy a hostNetwork Pod in Namespace with prefix "x-" on a Node.
+ nodes["x"] = nodeName(0)
 hostNetworks["x"] = true
- if toHostNetworkPod {
+ namespaces["x"] = TestNamespaceMeta{
+ Name: "x-" + suffix,
+ }
+
+ if testNodeToNode {
+ // To test NodeNetworkPolicy between Nodes, deploy another hostNetwork Pod in Namespace prefixed with "y-" on
+ // another Node. Pod in Namespace with prefix "z-" is not needed.
+ nodes["y"] = nodeName(1)
 hostNetworks["y"] = true
+ namespaces["y"] = TestNamespaceMeta{
+ Name: "y-" + suffix,
+ }
 } else {
+ // To test NodeNetworkPolicy between Node and Pods, deploy another two non-hostNetwork Pods in Namespaces
+ // prefixed with "y-" and "z-", respectively, on another Node.
+ // It is important to note that we avoid deploying non-hostNetwork Pods and hostNetwork Pods on the same Node
+ // for this test. If so, after all test Pods are created, the UDP probing from a non-hostNetwork Pod to the
+ // hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the
+ // local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request
+ // packets.
+ nodes["y"] = nodeName(1)
 hostNetworks["y"] = false
- nodes["z"] = workerNodeName(1)
+ namespaces["y"] = TestNamespaceMeta{
+ Name: "y-" + suffix,
+ }
+ nodes["z"] = nodeName(1)
 hostNetworks["z"] = false
+ namespaces["z"] = TestNamespaceMeta{
+ Name: "z-" + suffix,
+ }
 }
 allPods = []Pod{}
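Review bot: The long comment in the `else` branch explains why hostNetwork and non-hostNetwork Pods are kept on different Nodes, but it leaves no marker that NodeNetworkPolicy enforcement between a Node and its own local Pods is now untested, and its "If so" reads as the opposite of what is meant. I would reword that sentence to start `// If they shared a Node, the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod would fail once all test Pods are created.` and add `// TODO(<tracking issue>): cover Node-to-local-Pod traffic once probing tolerates replies sourced from the Antrea gateway IP.` so the coverage gap stays visible. Both branches also call `nodeName(1)`, so the test presumably needs at least two Nodes; no such guard is visible in this hunk, though it may exist in the caller. The body of initializeAntreaNodeNetworkPolicy starts in the previous hunk and continues past this one.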
@@ -89,6 +109,7 @@ func TestAntreaNodeNetworkPolicy(t *testing.T) {
 }
 defer teardownTest(t, data)
+ // Test NodeNetworkPolicy between Nodes.
 initializeAntreaNodeNetworkPolicy(t, data, true)
 t.Run("Case=ACNPAllowNoDefaultIsolationTCP", func(t *testing.T) { testNodeACNPAllowNoDefaultIsolation(t, ProtocolTCP) })
@@ -115,6 +136,7 @@ func TestAntreaNodeNetworkPolicy(t *testing.T) {
 k8sUtils.Cleanup(namespaces)
+ // Test NodeNetworkPolicy between Node and Pods.
 initializeAntreaNodeNetworkPolicy(t, data, false)
 t.Run("Case=ACNPNamespaceIsolation", func(t *testing.T) { testNodeACNPNamespaceIsolation(t) })