From eb67d371120210a8f77ad851b7d273ee0abdf05e Mon Sep 17 00:00:00 2001
From: Hongliang Liu
Date: Fri, 29 Mar 2024 17:55:49 +0800
Subject: [PATCH] Fix NodeNetworkPolicy e2e test failure
In NodeNetworkPolicy e2e tests, we have test the following cases: - Nodes to Nodes. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR #4537.
Signed-off-by: Hongliang Liu
---
 test/e2e/nodenetworkpolicy_test.go | 42 +++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 10 deletions(-)
diff --git a/test/e2e/nodenetworkpolicy_test.go b/test/e2e/nodenetworkpolicy_test.go
index 5564fd37329..dd5b287fdf9 100644
--- a/test/e2e/nodenetworkpolicy_test.go
+++ b/test/e2e/nodenetworkpolicy_test.go
@@ -29,7 +29,7 @@ import (
 const labelNodeHostname = "kubernetes.io/hostname"
-func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetworkPod bool) {
+func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, testNodeToNode bool) {
 p80 = 80
 p81 = 81
 p8080 = 8080
@@ -39,22 +39,42 @@ func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetwo
 podsPerNamespace = []string{"a"}
 suffix := randName("")
 namespaces = make(map[string]TestNamespaceMeta)
- for _, ns := range []string{"x", "y", "z"} {
- namespaces[ns] = TestNamespaceMeta{
- Name: ns + "-" + suffix,
- }
- }
 nodes = make(map[string]string)
- nodes["x"] = controlPlaneNodeName()
- nodes["y"] = workerNodeName(1)
 hostNetworks := make(map[string]bool)
+
+ // Deploy a hostNetwork Pod in Namespace with prefix "x-" on a Node.
+ nodes["x"] = nodeName(0)
 hostNetworks["x"] = true
- if toHostNetworkPod {
+ namespaces["x"] = TestNamespaceMeta{
+ Name: "x-" + suffix,
+ }
+
+ if testNodeToNode {
+ // To test NodeNetworkPolicy between Nodes, deploy another hostNetwork Pod in Namespace prefixed with "y-" on
+ // another Node. Pod in Namespace with prefix "z-" is not needed.
+ nodes["y"] = nodeName(1)
 hostNetworks["y"] = true
+ namespaces["y"] = TestNamespaceMeta{
+ Name: "y-" + suffix,
+ }
 } else {
+ // To test NodeNetworkPolicy between Nodes and Pods, deploy another two non-hostNetwork Pods in Namespaces
+ // prefixed with "y-" and "z-", respectively, on another Node.
+ // It is important to note that we avoid deploying non-hostNetwork Pods and hostNetwork Pods on the same Node
+ // for this test. If so, after all test Pods are created, the UDP probing from a non-hostNetwork Pod to the
+ // hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the
+ // local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request
+ // packets.
+ nodes["y"] = nodeName(1)
 hostNetworks["y"] = false
- nodes["z"] = workerNodeName(1)
+ namespaces["y"] = TestNamespaceMeta{
+ Name: "y-" + suffix,
+ }
+ nodes["z"] = nodeName(1)
 hostNetworks["z"] = false
+ namespaces["z"] = TestNamespaceMeta{
+ Name: "z-" + suffix,
+ }
 }
 allPods = []Pod{}
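Review bot: The else branch places both non-hostNetwork Pods on `nodeName(1)` and the hostNetwork Pod on `nodeName(0)`, so NodeNetworkPolicy enforcement between a Node and Pods running on that same Node is not exercised by this test, and the new comment explains the probe failure without marking it as an open coverage gap. For a policy-enforcement feature, a regression on the untested local path could go unnoticed, so I would record it next to the explanation, for example `// TODO(<tracking-issue>): add Node-to-local-Pod coverage once UDP replies keep the Node IP as source.` above `nodes["y"] = nodeName(1)`. Both branches also assume the cluster has at least two Nodes; whether the caller already skips on smaller clusters is not visible here. The body of initializeAntreaNodeNetworkPolicy starts before and continues after this hunk.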
@@ -89,6 +109,7 @@ func TestAntreaNodeNetworkPolicy(t *testing.T) {
 }
 defer teardownTest(t, data)
+ // Test NodeNetworkPolicy between Nodes.
 initializeAntreaNodeNetworkPolicy(t, data, true)
 t.Run("Case=ACNPAllowNoDefaultIsolationTCP", func(t *testing.T) { testNodeACNPAllowNoDefaultIsolation(t, ProtocolTCP) })
@@ -115,6 +136,7 @@ func TestAntreaNodeNetworkPolicy(t *testing.T) {
 k8sUtils.Cleanup(namespaces)
+ // Test NodeNetworkPolicy between Nodes and Pods.
 initializeAntreaNodeNetworkPolicy(t, data, false)
 t.Run("Case=ACNPNamespaceIsolation", func(t *testing.T) { testNodeACNPNamespaceIsolation(t) })