Multus network policies #1113
Multus network policies #1113
Conversation
zeeke
force-pushed
the
multus-network-policies
branch
3 times, most recently
from
3f71d7d to
ed27370
Compare
openshift-ci
bot
added
the
needs-rebase
zeeke
force-pushed
the
multus-network-policies
branch
from
ed27370 to
c4566a7
Compare
openshift-ci
bot
removed
the
needs-rebase
zeeke
force-pushed
the
multus-network-policies
branch
3 times, most recently
from
1996714 to
0550184
Compare
openshift-ci
bot
added
the
needs-rebase
zeeke
force-pushed
the
multus-network-policies
branch
from
0550184 to
590c456
Compare
openshift-ci
bot
removed
the
needs-rebase
|
/retest |
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
cnf-tests/mirror/images.json
Outdated
| }, | ||
| { | ||
| "registry": "quay.io/openshift-kni/", | ||
| "image": "dpdk:4.10" | ||
| "image": "dpdk:4.11" |
There was a problem hiding this comment.
please open this in a separate PR so we can merge it
hack/run-functests.sh
Outdated
| @@ -8,8 +8,8 @@ export failures=() | |||
|
|
|||
| #env variables needed for the containerized version | |||
| export TEST_POD_IMAGES_REGISTRY="${TEST_POD_IMAGES_REGISTRY:-quay.io/openshift-kni/}" | |||
| export TEST_POD_CNF_TEST_IMAGE="${TEST_POD_CNF_TEST_IMAGE:-cnf-tests:4.8}" | |||
| export TEST_POD_DPDK_TEST_IMAGE="${TEST_POD_DPDK_TEST_IMAGE:-dpdk:4.8}" | |||
| export TEST_POD_CNF_TEST_IMAGE="${TEST_POD_CNF_TEST_IMAGE:-cnf-tests:4.11}" | |||
There was a problem hiding this comment.
please open this in a separate PR so we can merge it before this one
| @@ -44,6 +44,7 @@ require ( | |||
|
|
|||
| require ( | |||
| github.com/google/go-cmp v0.5.7 | |||
| github.com/k8snetworkplumbingwg/multi-networkpolicy v0.0.0-20220419111628-220baf5d60c1 | |||
There was a problem hiding this comment.
please move it down and use the same method as the sriov network operator for example to pin the right version
github.com/k8snetworkplumbingwg/sriov-network-operator => github.com/openshift/sriov-network-operator v0.0.0-20211207043958-2bfa00ead503 // release-4.10
There was a problem hiding this comment.
I can move it down in the file, in the "// Test deps section", but we still need to refer github.com/k8snetworkplumbingwg/multi-networkpolicy, as there are no downstream flavour of that repository: it's the API one.
Does it make sense?
|
|
||
| // Add 4 containers to the pod for netcat server. 2 for each transport protocol (TCP/UDP) for each | ||
| // port in (5555/6666) | ||
| func redefineWithNetcatServers(pod *corev1.Pod) *corev1.Pod { |
There was a problem hiding this comment.
Yes, in createPodsInNamespace(...)
As netcat servers installed by this function are intended to be used by the ReachMatcher, I'll put it in reachmatcher.go file.
| Expect(err).ToNot(HaveOccurred()) | ||
|
|
||
| networkAttachDef := netattdefv1.NetworkAttachmentDefinition{} | ||
| waitForObject( |
There was a problem hiding this comment.
I think we have a function for this already in pkg if not I think we should move it there.
you also add the networkAttachDef scheme into the global client so you can use it from there no need to use it from the sriovClient
There was a problem hiding this comment.
Can't find anything similar.
Also, not sure why but it works also with global client without adding the scheme to it. It probably fallbacks to a not structured client.
Moved to pkg/client/wait.go WaitForObject(...)
cnf-tests/testsuites/e2esuite/multinetworkpolicy/multinetworkpolicy_sriov.go
Show resolved
Hide resolved
|
|
||
| It("enforce multiple stacked policies with overlapping selector [nsX_podA <=> (nsY/* OR */podB)]", func() { | ||
|
|
||
| Skip("Stacked policies are not yet supported") |
There was a problem hiding this comment.
please add a comment with a TODO: and a bz link
|
|
||
| It("enforce multiple stacked policies with overlapping selector and different ports (*/podB ==> nsX/podA:5555 , */podC ==> nsX/podA:6666)", func() { | ||
|
|
||
| Skip("Stacked policies are not yet supported") |
There was a problem hiding this comment.
please add a comment with a TODO: and a bz link
zeeke
force-pushed
the
multus-network-policies
branch
10 times, most recently
from
3c6f29c to
c971907
Compare
zeeke
force-pushed
the
multus-network-policies
branch
2 times, most recently
from
c43c7ef to
1f556ee
Compare
|
|
zeeke
force-pushed
the
multus-network-policies
branch
from
eecccb2 to
86dc0c2
Compare
Pod logs, pod's specs, node information and custom resources can be dumped in parallel, as the write on different files. Signed-off-by: Andrea Panattoni <[email protected]>
Signed-off-by: Andrea Panattoni <[email protected]>
Signed-off-by: Andrea Panattoni <[email protected]>
IpTables tool is needed by multinetworkpolicy feature tests to inspect pods iptables. Signed-off-by: Andrea Panattoni <[email protected]>
Dependency is about API project. v1beta1 is the version actually supported by multus-networkpolicy-iptables implementation. Signed-off-by: Andrea Panattoni <[email protected]>
Add `multinetworkpolicy` to the list of default feature in Makefile. Add kustomization files to deploy the feature in `deploy` and `ci` envs. Signed-off-by: Andrea Panattoni <[email protected]>
Also CreateDPDKWorkload to use the new function. Signed-off-by: Andrea Panattoni <[email protected]>
zeeke
force-pushed
the
multus-network-policies
branch
from
86dc0c2 to
6baf3a2
Compare
Add e2esuite/multinetworkpolicy suite with basic test cases. Inspiration has been taken from official test on NetworkPolicy (ses github.com/kubernetes/kubernetes package test/e2e/network/netpol) Add suite to unnamed import in test_suite_test.go to add to the main suite. Add the multinetworkpolicy scheme to test client. Update k8sreporter to dump information about multinetworkpolicy namespaces, pods and CRs. Add validation suite to check if the feature has been deployed. Bump used cnf-tests image version to 4.11 as new tests require netcat binary to be installed on pods. Signed-off-by: Andrea Panattoni <[email protected]>
zeeke
force-pushed
the
multus-network-policies
branch
from
6baf3a2 to
5e08607
Compare
|
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: SchSeba, zeeke The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest if the only failing test will be performance I will override this PR |
|
/retest-required |
|
Failing tests in /override ci/prow/e2e-gcp-ovn |
|
@zeeke: zeeke unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file, and the following github teams:. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retest-required |
|
/override ci/prow/e2e-gcp-ovn |
|
@fedepaol: Overrode contexts on behalf of fedepaol: ci/prow/e2e-gcp-ovn In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@zeeke: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/override ci/prow/e2e-gcp-ovn |
|
@fedepaol: Overrode contexts on behalf of fedepaol: ci/prow/e2e-gcp-ovn In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This PR introduces
multinetworkpolicyfeature and e2e tests of it on SRIOV interface.It contains some skipped tests that need some fixed on implementation side.
Depends on