github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 10:51:29 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #98389 from knabben/allow-traffic-other-ns

Browse Source 
Allow ingress from pods on another namespace
This commit is contained in:
Kubernetes Prow Robot 2021-02-18 19:04:24 -08:00 committed by GitHub
commit b710c1043a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
test/e2e/network/netpol/network_policy.go
View File

@ -197,6 +197,19 @@ var _ = SIGDescribeCopy("Netpol [LinuxOnly]", func() {
ValidateOrFail(k8s, model, &TestCase{ToPort: 80, Protocol: v1.ProtocolTCP, Reachability: reachability}) ValidateOrFail(k8s, model, &TestCase{ToPort: 80, Protocol: v1.ProtocolTCP, Reachability: reachability})
}) })
ginkgo.It("should enforce policy to allow ingress traffic from pods in all namespaces [Feature:NetworkPolicy]", func() {
nsX, _, _, model, k8s := getK8SModel(f)
emptyLabel := &metav1.LabelSelector{
MatchLabels: map[string]string{},
}
policy := GetAllowIngressByNamespace("allow-from-another-ns", map[string]string{"pod": "a"}, emptyLabel)
CreatePolicy(k8s, policy, nsX)
reachability := NewReachability(model.AllPods(), true)
ValidateOrFail(k8s, model, &TestCase{ToPort: 80, Protocol: v1.ProtocolTCP, Reachability: reachability})
})
ginkgo.It("should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]", func() { ginkgo.It("should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]", func() {
nsX, nsY, nsZ, model, k8s := getK8SModel(f) nsX, nsY, nsZ, model, k8s := getK8SModel(f)
allowedLabels := &metav1.LabelSelector{ allowedLabels := &metav1.LabelSelector{