diff --git a/test/e2e/network/network_policy.go b/test/e2e/network/network_policy.go index c99e1faa9cc..7a1df2e9314 100644 --- a/test/e2e/network/network_policy.go +++ b/test/e2e/network/network_policy.go @@ -701,7 +701,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { ginkgo.It("should allow egress access on one named port [Feature:NetworkPolicy]", func() { clientPodName := "client-a" - protocolUDP := v1.ProtocolUDP policy := &networkingv1.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "allow-client-a-via-named-port-egress-rule", @@ -719,11 +718,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { { Port: &intstr.IntOrString{Type: intstr.String, StrVal: "serve-80"}, }, - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, }, }}, }, @@ -967,7 +961,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { ginkgo.It("should work with Ingress,Egress specified together [Feature:NetworkPolicy]", func() { const allowedPort = 80 const notAllowedPort = 81 - protocolUDP := v1.ProtocolUDP nsBName := f.BaseName + "-b" nsB, err := f.CreateNamespace(nsBName, map[string]string{ @@ -1003,15 +996,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { }}, }}, Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1082,7 +1066,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { framework.ExpectNoError(err, "Error occurred while waiting for pod status in namespace: Ready.") ginkgo.By("Creating a network policy for the server which allows traffic only to a server in different namespace.") - protocolUDP := v1.ProtocolUDP policyAllowToServerInNSB := &networkingv1.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: nsA.Name, 
@@ -1098,15 +1081,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic only to server-a in namespace-b Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1218,8 +1192,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { framework.ExpectNoError(err, "Error occurred while waiting for pod type: Ready.") }) - protocolUDP := v1.ProtocolUDP - ginkgo.By("Creating client-a which should be able to contact the server before applying policy.", func() { testCanConnect(f, f.Namespace, "client-a", serviceB, 80) }) @@ -1240,15 +1212,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic only to "server-a" Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1377,8 +1340,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { var serviceB *v1.Service var podServerB *v1.Pod - protocolUDP := v1.ProtocolUDP - // Getting podServer's status to get podServer's IP, to create the CIDR podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{}) if err != nil { 
@@ -1421,15 +1382,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1456,8 +1408,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { }) ginkgo.It("should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]", func() { - protocolUDP := v1.ProtocolUDP - // Getting podServer's status to get podServer's IP, to create the CIDR with except clause podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{}) if err != nil { @@ -1497,15 +1447,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block except subnet which includes Server. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1530,8 +1471,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { }) ginkgo.It("should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]", func() { - protocolUDP := v1.ProtocolUDP - // Getting podServer's status to get podServer's IP, to create the CIDR with except clause podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{}) if err != nil { 
@@ -1568,15 +1507,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block except subnet which includes Server. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1614,15 +1544,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block which includes Server. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1667,8 +1588,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { var podA, podB *v1.Pod var err error - protocolUDP := v1.ProtocolUDP - // Before applying policy, communication should be successful between pod-a and pod-b podA, serviceA = createServerPodAndService(f, f.Namespace, "pod-a", []protocolPort{{80, v1.ProtocolTCP}}) ginkgo.By("Waiting for pod-a to be ready", func() { @@ -1705,15 +1624,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to server on pod-b Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { 
@@ -2234,7 +2144,7 @@ func createNetworkClientPodWithRestartPolicy(f *framework.Framework, namespace *
 Command: []string{"/bin/sh"},
 Args: []string{
 "-c",
- fmt.Sprintf("for i in $(seq 1 5); do /agnhost connect %s.%s:%d --protocol %s --timeout 8s && exit 0 || sleep 1; done; exit 1", targetService.Name, targetService.Namespace, targetPort, connectProtocol),
+ fmt.Sprintf("for i in $(seq 1 5); do /agnhost connect %s:%d --protocol %s --timeout 8s && exit 0 || sleep 1; done; exit 1", targetService.Spec.ClusterIP, targetPort, connectProtocol),
 },
 },
 },
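Review bot: The `%s:%d` target built from `targetService.Spec.ClusterIP` on the added `fmt.Sprintf` line is only well-formed for IPv4; on an IPv6 or dual-stack cluster the ClusterIP contains colons and has to be bracketed, so the connect could fail for a reason unrelated to the policy under test. Building the address with `net.JoinHostPort(targetService.Spec.ClusterIP, strconv.Itoa(targetPort))` and formatting it with a single `%s` covers both address families (this assumes `targetPort` is an `int`, as the `%d` verb suggests, and that `net` and `strconv` are imported; the import block is outside the hunk). A headless service would put the literal `None` in this field, so if any caller can pass one it is worth failing fast on an empty or `None` ClusterIP before the pod is created. Because the egress policies earlier in this diff no longer allow UDP 53, a short comment such as `// Connect by ClusterIP so the client pod needs no DNS egress rule.` above the command would keep a later edit from reintroducing the service name. The function body starts and ends outside the hunk.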