github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
103,444 Commits 1 Branch 31 Tags
c94deffa485d360a215f7e194b49683f09ba4300
Commit Graph

58 Commits

Author SHA1 Message Date
Antonio Ojea
0cd75e8fec run hack/update-netparse-cve.sh 2021-08-20 10:42:09 +02:00
Rajas Kakodkar
e36a14730b reducing the number of containers created based on the ports used 2021-08-12 23:36:28 +05:30
Kubernetes Prow Robot
d77af28a35 Merge pull request #104086 from jayunit100/patch-27 
(experimental) Calibrate networkpolicy test aggressiveness
 2021-08-12 06:09:48 -07:00
jay vyas
145cec925a reduce the number of containers created by 66% 
Co-authored-by: jay vyas <jvyas@vmware.com>
Co-authored-by: rajas kakodkar <rkakodkar@vmware.com>
 2021-08-12 02:08:00 +05:30
Dan Winship
72223406ac Remove stray DNS port references in NetPol tests 
The tests no longer use DNS, so we shouldn't be adding DNS-related
exceptions to the policies that are being tested.
 2021-08-02 10:31:59 -04:00
jay vyas
59c0523bca Using ServiceIPs instead of DNS names in the NetworkPolicy Probes + adding Interface decoupling (#102354) 
* Squashed commit of the following:

commit 7f774dcb54b511a3956aed0fac5c803f145e383a
Author: Jay Vyas (jayunit100) <jvyas@vmware.com>
Date:   Fri Jun 18 10:58:16 2021 +0000

    fix commit message

commit 0ac09650742f02004dbb227310057ea3760c4da9
Author: jay vyas <jvyas@vmware.com>
Date:   Thu Jun 17 07:50:33 2021 -0400

    Update test/e2e/network/netpol/kubemanager.go

    Co-authored-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>

commit 6a8bf0a6a2690dac56fec2bdcdce929311c513ca
Author: jay vyas <jvyas@vmware.com>
Date:   Sun Jun 13 08:17:25 2021 -0400

    Implement Service polling for network policy suite to remove reliance on CoreDNS when verifying network policys

    Update test/e2e/network/netpol/probe.go

    Co-authored-by: Antonio Ojea <antonio.ojea.garcia@gmail.com>

    Add deafultNS to use service probe

commit b9c17a48327aab35a855540c2294a51137aa4a48
Author: Matthew Fenwick <mfenwick100@gmail.com>
Date:   Thu May 27 07:30:59 2021 -0400

    address code review comments for networkpolicy decoupling from dns

commit e23ef6ff0d189cf2ed80dbafed9881d68402cb56
Author: jay vyas <jvyas@vmware.com>
Date:   Wed May 26 13:30:21 2021 -0400

    NetworkPolicy decoupling from DNS

gofmt

remove old function

* model refactor

* minor

* dropped getK8sModel func

* dropped modelMap, added global model in BeforeEach and subsequent changes

Co-authored-by: Rajas Kakodkar <rajaskakodkar16@gmail.com>
 2021-07-19 23:09:32 -07:00
Rajas Kakodkar
266ffa8526 bug fix in sctp test 2021-06-27 21:53:41 +05:30
Shiming Zhang
674802147c update to remove github.com/pkg/errors 2021-06-23 22:56:48 +08:00
Andrew Sy Kim
9e694a45f9 test/e2e/network: mark tests in test/e2e/network/netpol/network_legacy.go with NetworkPolicyLegacy 
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
 2021-06-16 19:44:27 -04:00
Kubernetes Prow Robot
4ebf4a08c0 Merge pull request #100447 from JornShen/add_netpol_immutable_label_for_ns 
add e2e test for default label selector for NS in netpol
 2021-06-14 09:49:04 -07:00
jornshen
f22b07d8b4 add e2e test for immutable label selector in netpol 2021-06-08 09:52:12 +08:00
Dan Winship
211e974722 Clarify and split up the "not actually SCTP" SCTP NetworkPolicy test 
These tests *do* apply to plugins that don't support SCTP.
 2021-06-02 09:10:25 -04:00
Dan Winship
4b0d0d6fc7 Fix spurious Feature tags on some NetworkPolicy tests 
The "[Feature:SCTP]" tag was needed on "should not allow access by TCP
when a policy specifies only SCTP" back when SCTP was alpha, because
it wasn't possible to create a policy that even mentioned SCTP without
enabling the feature gate. This no longer applies, and the tag was
removed from the original copy of network_policy.go, but accidentally
got left behind in the netpol/ version.

Likewise, the newly-added "should not allow access by TCP when a
policy specifies only UDP" got tagged "[Feature:UDP]", but this was
never necessary, and is inconsistent with other UDP tests anyway.

Similarly, we need "[Feature:SCTPConnectivity]" on tests that make
SCTP connections, because that functionality is not available in all
clusters, but "[Feature:UDPConnectivity]" is unnecessary and
inconsistent.
 2021-06-02 09:10:25 -04:00
Kubernetes Prow Robot
29e5e4df4b Merge pull request #99777 from JornShen/add_e2e_api_validate_endport 
add API e2e test for port ranges of netpolices
 2021-05-26 19:34:23 -07:00
jornshen
90e215dfd2 add api e2e test for port ranges of netpolices 2021-05-26 20:00:11 +08:00
jay vyas
8651fcb25a Implement a windows Netpol NewModel 2021-05-25 21:08:29 -04:00
Peri Thompson
69019a03d3 Add netpol tests for windows 
Co-authored-by: Jay Vyas <jvyas@vmware.com>
 2021-05-24 13:28:04 -04:00
Kubernetes Prow Robot
e824c59913 Merge pull request #99696 from JornShen/refactor_netpol_policies 
refactor netpol/policies.go
 2021-04-14 15:17:07 -07:00
Kubernetes Prow Robot
c51450609f Merge pull request #100839 from jayunit100/patch-25 
add network-policy label automatically
 2021-04-10 19:03:47 -07:00
Kubernetes Prow Robot
fded3d71e5 Merge pull request #100676 from squeed/netpol-v6-test 
test/e2e: handle ipv6 addresses in netpol tests
 2021-04-09 05:19:53 -07:00
jay vyas
cd58735777 add network-policy label automatically 2021-04-05 09:36:15 -07:00
Niekvdplas
fec272a7b2 Fixed several spelling mistakes 2021-03-30 23:02:09 +02:00
Casey Callendrello
1efd456bcf test/e2e: handle ipv6 addresses in netpol tests 
The tests, as written, don't correctly join ip and port for v6
addresses.

use net.JoinHostPort to handle this case.
 2021-03-30 16:41:06 +02:00
jornshen
cd2af69ef9 refector netpol/policies.go 2021-03-05 19:21:36 +08:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Kubernetes Prow Robot
c410910c1f Merge pull request #99512 from knabben/add-netpol-ports 
Adding specific protocol network policy test
 2021-02-28 07:36:39 -08:00
wojtekt
749922fa46 Cleanup SIGDescribe in test/e2e/network 2021-02-27 20:29:27 +01:00
Amim Knabben
20263a07a6 Added protocol specific netpol 2021-02-26 18:11:45 -05:00
Kubernetes Prow Robot
319ff51c21 Merge pull request #97701 from knabben/allow-traffic-or 
Testing multiple pods using label selector
 2021-02-19 03:14:26 -08:00
Kubernetes Prow Robot
b710c1043a Merge pull request #98389 from knabben/allow-traffic-other-ns 
Allow ingress from pods on another namespace
 2021-02-18 19:04:24 -08:00
Amim Knabben
a41fb30d88 Adding UDP network policies tests 2021-02-13 19:01:38 -05:00
Amim Knabben
0fc096e3aa Allow ingress from pods in all namespaces 2021-02-10 21:03:54 -05:00
Kubernetes Prow Robot
8a8caf317b Merge pull request #97616 from knabben/netpol-2a-allow 
Netpol E2E test should allow traffic to an application
 2021-02-10 16:56:16 -08:00
Amim Knabben
61f02b85d7 Testing multiple pods using label selector 2021-02-10 16:00:02 -05:00
Amim Knabben
96a7b2a102 Deny ingress on other namespaces 2021-02-09 10:15:59 -05:00
Amim Knabben
189edf1e73 Default deny all egress from pods in the namespace 2021-02-07 11:55:50 -05:00
Amim Knabben
c8031e5b13 Netpol e2e test should overwrite allow with another deny 2021-02-07 11:48:20 -05:00
Kubernetes Prow Robot
7be6c1c393 Merge pull request #97863 from qfen/master 
97657: Removed "FromPort" in netpol tests
 2021-02-04 15:02:52 -08:00
Matthew Fenwick
45ae7069f4 improve hairpin warning message for network policy tests 2021-01-29 17:04:05 -05:00
Matthew Fenwick
35a7f91208 Removed "FromPort" in netpol tests 
Co-authored-by: Dan Fenwick <dfenwick@fastmail.com>
Co-authored-by: Matt Fenwick <mfenwick100@gmail.com>
 2021-01-27 20:24:35 -05:00
Amim Knabben
9a8a74f79a Rolling back network policy tests 2021-01-27 18:58:52 -05:00
Amim Knabben
92066e9e28 Copying Netpol API tests from networkpolicy folder 2021-01-24 10:48:10 -05:00
Matt Fenwick
1786cd9867 add knabben to test/e2e/network/netpol/OWNERS 2021-01-19 15:46:30 -05:00
Kubernetes Prow Robot
97cf67b329 Merge pull request #97897 from knabben/sctp-netpol-test 
Copying SCTP tests to Netpol e2e framework
 2021-01-17 07:27:43 -08:00
Amim Knabben
425e544a66 Copying SCTP netpol tests to new e2e framework 2021-01-13 13:34:11 -05:00
Kubernetes Prow Robot
f6e04cd3ad Merge pull request #97638 from knabben/netpol-egress-func 
Moving egress deny with DNS to a policy function
 2021-01-13 04:18:35 -08:00
jay vyas
ba0a87015a set numberOfWorkers for netpol suite to the ideal value (3) that is non-disruptive 2021-01-07 12:36:19 -05:00
Kubernetes Prow Robot
d5e8aa2d03 Merge pull request #97524 from NillsF/master 
Add e2e networkPolicy test to validate egress deny precedence over ingress allow
 2021-01-06 19:57:45 -08:00
Kubernetes Prow Robot
ab8dda3c88 Merge pull request #97736 from knabben/default-deny-egress 
Default deny egress with pod label selector
 2021-01-06 16:41:50 -08:00
Kubernetes Prow Robot
24f4fe7c8c Merge pull request #97571 from mattfenwick/issue-97425 
97425: improve netpol comments
 2021-01-06 13:05:52 -08:00