Commit Graph

795 Commits

Author SHA1 Message Date
Kubernetes Prow Robot
f6e04cd3ad Merge pull request #97638 from knabben/netpol-egress-func
Moving egress deny with DNS to a policy function
2021-01-13 04:18:35 -08:00
Kubernetes Prow Robot
cc09a6df58 Merge pull request #97844 from aojea/essip
don't panic on e2e ESIPP tests
2021-01-08 03:36:53 -08:00
Antonio Ojea
6bedf4a98b don't panic on e2e ESIPP tests
The ESIPP tests are using a function to poll an HTTP endpoint.
This function failed the framework if the request to the http endpoint
timed out, causing a panic that ginkgo couldn't recover.

Also, this function was used inside a pollImmediate loop, so it should
return the error instead of failing.
2021-01-08 10:52:49 +01:00
Antonio Ojea
2548fa1112 Revert "dump conntrack table on e2e conntrack failures"
This reverts commit 0ef7f27fc1.

The info is not enough to debug the problems, there are simply no
conntrack entries but there is no clue about it.

Another problem is that it dumps the conntrack entries from all
nodes, that is more than 40 mins in a scale test job with 5000 nodes.
2021-01-08 10:04:40 +01:00
jay vyas
ba0a87015a set numberOfWorkers for netpol suite to the ideal value (3) that is non-disruptive 2021-01-07 12:36:19 -05:00
Kubernetes Prow Robot
d5e8aa2d03 Merge pull request #97524 from NillsF/master
Add e2e networkPolicy test to validate egress deny precedence over ingress allow
2021-01-06 19:57:45 -08:00
Kubernetes Prow Robot
ab8dda3c88 Merge pull request #97736 from knabben/default-deny-egress
Default deny egress with pod label selector
2021-01-06 16:41:50 -08:00
Kubernetes Prow Robot
24f4fe7c8c Merge pull request #97571 from mattfenwick/issue-97425
97425: improve netpol comments
2021-01-06 13:05:52 -08:00
Matt Fenwick
5f80d7b3cf add OWNERS file to kubernetes/test/e2e/network/netpol 2021-01-06 11:17:24 -05:00
Amim Knabben
fc46c0a75a Default deny egress with pod label selector 2021-01-05 15:31:09 -05:00
Nills Franssens
eaad78c8fe adding egress ingress test case 2021-01-05 08:47:37 -08:00
Matthew Fenwick
19dd785870 97425: improve netpol comments 2021-01-02 16:03:34 -05:00
Amim Knabben
d378fca35a Moving egress deny with DNS to policy function 2020-12-31 08:10:36 -05:00
Kubernetes Prow Robot
fec1a366c3 Merge pull request #91592 from jayunit100/netpol-impl2
new NetworkPolicy Validation suite
2020-12-23 05:56:27 -08:00
jay vyas
36ae8fd91a import the netpol testing package so that ownership is attributed correctly in the network policy testing suite 2020-12-23 07:40:47 -05:00
Antonio Ojea
bbfed8a7db fix sctp hostPort test
The test creates a pod with a hostPort to expose an SCTP port, then
it checks if the iptables rules were installed correctly in the host.

The iptables rules MUST be checked in the same host where the pod
is running :)
2020-12-17 18:31:35 +01:00
Mateusz Matejczyk
3affac239e Remove the 'DisabledForLargeClusters' tags from non-session-affinity LB network tests
Ref. https://github.com/kubernetes/kubernetes/issues/90047
2020-12-16 13:26:42 +01:00
Kubernetes Prow Robot
52bf6641f7 Merge pull request #95019 from aojea/sliceFalke
Fix e2e endpoint slice flake test
2020-12-14 18:33:48 -08:00
jay vyas
debbe9dce9 New NetworkPolicy tests: Part 2, all truth table validation scenario definitions
Co-authored-by: Matt Fenwick <mfenwick100@gmail.com>
Co-authored-by: Jay Vyas <jvyas@vmware.com>
Co-authored-by: Abhishek Raut <rauta@vmware.com>
2020-12-14 17:14:25 -05:00
Matthew Fenwick
65632b8677 NetworkPolicy Validation suite
Co-authored-by: Matt Fenwick <mfenwick100@gmail.com>
Co-authored-by: Jay Vyas <jvyas@vmware.com>
Co-authored-by: Rich Renner <renner@sunder.io>
Co-authored-by: Sedef Savas <ssavas@vmware.com>
Co-authored-by: Guangyang Wang <wguangyuan@vmware.com>
Co-authored-by: Akash Sarda <akashsarda3@gmail.com>
Co-authored-by: Abhishek Raut <rauta@vmware.com>
Co-authored-by: Antonin Bas <abas@vmware.com>
Co-authored-by: Antonio Ojea <aojea@redhat.com>

addressed remaining minor comments

initial netpol-framework
2020-12-14 16:47:39 -05:00
Dan Winship
46470008a3 Improve error message on "CLOSE_WAIT" test failure 2020-12-10 11:00:13 -05:00
Kubernetes Prow Robot
77d150ae11 Merge pull request #96856 from aojea/netpolipv6
e2e network policy enclose IPv6 destinations
2020-12-09 03:26:50 -08:00
Kubernetes Prow Robot
83b2c7a1bf Merge pull request #96311 from thockin/kep-1659-topology-labels
Convert users of old failure-domain labels to new
2020-12-08 17:28:27 -08:00
Kubernetes Prow Robot
9d81c4ebfa Merge pull request #96296 from aojea/extip
kube-proxy treat ExternalIPs as ClusterIPs
2020-12-08 17:28:18 -08:00
Spencer Hance
47ea73bfb9 Update ingress conformance test for finalizers 2020-11-25 11:24:21 -08:00
Antonio Ojea
60f739ac17 e2e network policy enclose IPv6 destinations
We moved to DNS destination to IP:Port, so we need to be sure
that IPv6 addresses are enclosed in square brackets with that
format.
2020-11-25 10:56:24 +01:00
DP19
9e4642211a add e2e test for Service ExternalIPs 2020-11-22 00:57:29 +01:00
Kubernetes Prow Robot
379ed6644d Merge pull request #96484 from aojea/e2etest
add e2e test for dual-stack secondary service IPs
2020-11-18 15:28:51 -08:00
Antonio Ojea
59674755eb e2e SCTP test not depend on kubenet
e2e test should be platform and component independent.
Consumers can filter using tags or regex.
2020-11-17 16:34:48 +01:00
Antonio Ojea
ad043f2bdd e2e dualstack test fixes
remove unused variables and fix comments
2020-11-16 23:18:30 +01:00
Antonio Ojea
19cf272b37 add more e2e sctp tests
Add more e2e SCTP tests for Services and intra-pod communication.
2020-11-13 17:07:00 +01:00
Antonio Ojea
3a6b4366a7 remove wrong test for SCTP connectivity
the test tries to test the connectivity between two pods, but it
actually tests the connectivity against itself.
2020-11-13 17:03:03 +01:00
Tim Hockin
3bd337baf4 Make tests deal with old and new topology labels 2020-11-12 11:22:47 -08:00
Antonio Ojea
ed694a1bf6 add e2e test for dual-stack secondary service IPs
Dual stack services can have two ClusterIPs, we already have tests that
exercise the connectivity from different scenarios to the first
ClusterIP of the service.

This PR adds a new functionality to the e2e network utils to enable
DualStack services, and replicate the same tests but using the
secondary ClusterIP, so we cover the connectivity to both cluster IPs.
2020-11-12 10:07:04 +01:00
Kubernetes Prow Robot
7766559c6d Merge pull request #96433 from cmluciano/cml/dualstackagnhost
dualstack: Use Agnhost in place of BusyBox
2020-11-11 07:42:10 -08:00
Kubernetes Prow Robot
7e62b1cab8 Merge pull request #96122 from cmluciano/cml/dualstackudpnode
dualstack: use correct IPFamily list for conntrack checks in e2e
2020-11-10 17:51:40 -08:00
Kubernetes Prow Robot
a5bce462d0 Merge pull request #94812 from aojea/e2ehostnet2
e2e test for services using pods with hostNetwork as backend
2020-11-10 14:35:38 -08:00
Christopher M. Luciano
8f384ce972 dualstack: Use Agnhost in place of BusyBox
There is a large effort to use Agnhost to limit dependencies and
overall image size.

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-11-10 16:44:06 -05:00
Christopher M. Luciano
fa7a802d55 dualstack: use correct IPFamily list for conntrack checks in e2e
We hardcode the index number in the KubeProxy/Conntrack e2es and
CollectAddresses returns 4 mixed IP Family addresses in a dualstack
cluster. This change ensures that the serverNodeInfo.nodeIP has only
valid addresses for the expected IPFamily per test case.

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-11-10 15:02:29 -05:00
Kubernetes Prow Robot
151c2799d1 Merge pull request #96279 from cmluciano/cml/netutilsipv4
dualstack: cleanup IsIPv4 duplicates in favor of k8s/utils functions
2020-11-06 18:09:50 -08:00
Tim Hockin
819ff9b087 Use topology labels instead of old beta names (#96033)
* Rename const for topology.../zone

* Rename const for topology.../region

* Rename const for failure-domain.../zone

* Rename const for failure-domain.../region

* Restore old names for compat
2020-11-05 20:26:50 -08:00
Christopher M. Luciano
dfbda1dc40 dualstack: cleanup IsIPv4 duplicates in favor of utils
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2020-11-05 14:29:23 -05:00
Antonio Ojea
76a9c8695a Revert "add e2e test for Service ExternalIPs"
This reverts commit 0ed8fd6dc9.

It turns out that ExternalIPs are not allowed to be reachable from
pods until the IP is present in the node.
However, due to a kube-proxy limitation it was working in environments
that used CNIs without bridges for the pods.
2020-11-05 10:35:24 +01:00
Kubernetes Prow Robot
e54448a307 Merge pull request #96116 from DP19/add-e2e-test-for-external-ips
add e2e test for Service ExternalIPs
2020-11-03 17:04:17 -08:00
Kubernetes Prow Robot
e25f3d75b8 Merge pull request #95065 from JornShen/replace_restarting_kas_kp_e2e_network_provider
refactor service some e2e cases to make it running in multi providers
2020-11-03 17:04:03 -08:00
Kubernetes Prow Robot
1c403c311e Merge pull request #95453 from danwinship/egress-networkpolicy-tests
Don't depend on DNS in NetworkPolicy tests
2020-11-03 11:44:04 -08:00
DP19
0ed8fd6dc9 add e2e test for Service ExternalIPs 2020-11-02 13:57:23 -05:00
Kubernetes Prow Robot
d1c296431e Merge pull request #96059 from knight42/refactor/migrate-health-check
refactor: migrate health checks of control-plane off insecure port in tests
2020-11-02 08:21:08 -08:00
knight42
3c4d6859c8 refactor: migrate health checks of control-plane off insecure port in tests
Signed-off-by: knight42 <anonymousknight96@gmail.com>
2020-10-31 11:39:25 +08:00
Kubernetes Prow Robot
68c41e261e Merge pull request #95977 from robscott/esm-test-fix
Updating EndpointSliceMirroring e2e test to accept multiple slices
2020-10-30 15:46:51 -07:00