Merge pull request #95453 from danwinship/egress-networkpolicy-tests

Don't depend on DNS in NetworkPolicy tests
Kubernetes Prow Robot 2020-11-03 11:44:04 -08:00 committed by GitHub
commit 1c403c311e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -701,7 +701,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
ginkgo.It("should allow egress access on one named port [Feature:NetworkPolicy]", func() {
clientPodName := "client-a"
protocolUDP := v1.ProtocolUDP
policy := &networkingv1.NetworkPolicy{
ObjectMeta: metav1.ObjectMeta{
Name: "allow-client-a-via-named-port-egress-rule",
@ -719,11 +718,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
{
Port: &intstr.IntOrString{Type: intstr.String, StrVal: "serve-80"},
},
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
}},
},
@ -967,7 +961,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
ginkgo.It("should work with Ingress,Egress specified together [Feature:NetworkPolicy]", func() {
const allowedPort = 80
const notAllowedPort = 81
protocolUDP := v1.ProtocolUDP
nsBName := f.BaseName + "-b"
nsB, err := f.CreateNamespace(nsBName, map[string]string{
@ -1003,15 +996,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
}},
}},
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1082,7 +1066,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
framework.ExpectNoError(err, "Error occurred while waiting for pod status in namespace: Ready.")
ginkgo.By("Creating a network policy for the server which allows traffic only to a server in different namespace.")
protocolUDP := v1.ProtocolUDP
policyAllowToServerInNSB := &networkingv1.NetworkPolicy{
ObjectMeta: metav1.ObjectMeta{
Namespace: nsA.Name,
@ -1098,15 +1081,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic only to server-a in namespace-b
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1218,8 +1192,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
framework.ExpectNoError(err, "Error occurred while waiting for pod type: Ready.")
})
protocolUDP := v1.ProtocolUDP
ginkgo.By("Creating client-a which should be able to contact the server before applying policy.", func() {
testCanConnect(f, f.Namespace, "client-a", serviceB, 80)
})
@ -1240,15 +1212,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic only to "server-a"
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1377,8 +1340,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
var serviceB *v1.Service
var podServerB *v1.Pod
protocolUDP := v1.ProtocolUDP
// Getting podServer's status to get podServer's IP, to create the CIDR
podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{})
if err != nil {
@ -1421,15 +1382,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic to only one CIDR block.
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1456,8 +1408,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
})
ginkgo.It("should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]", func() {
protocolUDP := v1.ProtocolUDP
// Getting podServer's status to get podServer's IP, to create the CIDR with except clause
podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{})
if err != nil {
@ -1497,15 +1447,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic to only one CIDR block except subnet which includes Server.
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1530,8 +1471,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
})
ginkgo.It("should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]", func() {
protocolUDP := v1.ProtocolUDP
// Getting podServer's status to get podServer's IP, to create the CIDR with except clause
podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{})
if err != nil {
@ -1568,15 +1507,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic to only one CIDR block except subnet which includes Server.
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1614,15 +1544,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic to only one CIDR block which includes Server.
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -1667,8 +1588,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
var podA, podB *v1.Pod
var err error
protocolUDP := v1.ProtocolUDP
// Before applying policy, communication should be successful between pod-a and pod-b
podA, serviceA = createServerPodAndService(f, f.Namespace, "pod-a", []protocolPort{{80, v1.ProtocolTCP}})
ginkgo.By("Waiting for pod-a to be ready", func() {
@ -1705,15 +1624,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress},
// Allow traffic to server on pod-b
Egress: []networkingv1.NetworkPolicyEgressRule{
{
Ports: []networkingv1.NetworkPolicyPort{
// Allow DNS look-ups
{
Protocol: &protocolUDP,
Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53},
},
},
},
{
To: []networkingv1.NetworkPolicyPeer{
{
@ -2234,7 +2144,7 @@ func createNetworkClientPodWithRestartPolicy(f *framework.Framework, namespace *
Command: []string{"/bin/sh"},
Args: []string{
"-c",
fmt.Sprintf("for i in $(seq 1 5); do /agnhost connect %s.%s:%d --protocol %s --timeout 8s && exit 0 || sleep 1; done; exit 1", targetService.Name, targetService.Namespace, targetPort, connectProtocol),
fmt.Sprintf("for i in $(seq 1 5); do /agnhost connect %s:%d --protocol %s --timeout 8s && exit 0 || sleep 1; done; exit 1", targetService.Spec.ClusterIP, targetPort, connectProtocol),
},
},
},
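Review bot: The rewritten `/agnhost connect %s:%d` argument in the last hunk joins `targetService.Spec.ClusterIP` and the port with a bare colon, which gives an ambiguous host:port string when the ClusterIP is an IPv6 address (no brackets), so on an IPv6 or dual-stack cluster the client would likely fail to connect and an allow case could be reported as a policy failure. Building the address with `net.JoinHostPort(targetService.Spec.ClusterIP, strconv.Itoa(targetPort))` and formatting it with a single `%s` handles both address families (assuming `targetPort` is an `int`; the import block is not visible here). `Spec.ClusterIP` is also empty or `None` for ExternalName and headless services, so a check before the pod spec is built would make that case fail with a clear message instead of a connect timeout that reads like a denied flow. The body of createNetworkClientPodWithRestartPolicy starts and ends outside the hunk.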