Merge pull request #53755 from bcreane/named-ports

Automatic merge from submit-queue (batch tested with PRs 48665, 52849, 54006, 53755). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add named-port ingress test **What this PR does / why we need it**: Validate correct behavior when a `NetworkPolicyIngressRule` refers to a named port rather than a numerical port, e.g. `serve-80` rather than `80`. **Release note**: ```release-note NONE ```
2025-07-30 06:54:01 +00:00 · 2017-10-16 18:09:49 -07:00 · 2017-10-16 18:09:49 -07:00 · c42c34daf2
commit c42c34daf2
parent c65b4b6df4 65e1777622
1 changed files with 39 additions and 1 deletions
--- a/test/e2e/network/network_policy.go
+++ b/test/e2e/network/network_policy.go
@ -277,6 +277,39 @@ var _ = SIGDescribe("NetworkPolicy", func() {
 			testCanConnect(f, f.Namespace, "client-a", service, 80)
 			testCanConnect(f, f.Namespace, "client-b", service, 81)
 		})
+
+		It("should allow ingress access on one named port [Feature:NetworkPolicy]", func() {
+			policy := &networking.NetworkPolicy{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "allow-client-a-via-named-port-ingress-rule",
+				},
+				Spec: networking.NetworkPolicySpec{
+					// Apply this policy to the Server
+					PodSelector: metav1.LabelSelector{
+						MatchLabels: map[string]string{
+							"pod-name": podServer.Name,
+						},
+					},
+					// Allow traffic to only one named port: "serve-80".
+					Ingress: []networking.NetworkPolicyIngressRule{{
+						Ports: []networking.NetworkPolicyPort{{
+							Port: &intstr.IntOrString{Type: intstr.String, StrVal: "serve-80"},
+						}},
+					}},
+				},
+			}
+
+			policy, err := f.InternalClientset.Networking().NetworkPolicies(f.Namespace.Name).Create(policy)
+			Expect(err).NotTo(HaveOccurred())
+			defer cleanupNetworkPolicy(f, policy)
+
+			By("Creating client-a which should be able to contact the server.", func() {
+				testCanConnect(f, f.Namespace, "client-a", service, 80)
+			})
+			By("Creating client-b which should not be able to contact the server on port 81.", func() {
+				testCannotConnect(f, f.Namespace, "client-b", service, 81)
+			})
+		})
 	})
 })

@ -392,7 +425,12 @@ func createServerPodAndService(f *framework.Framework, namespace *v1.Namespace,
 					Value: "foo",
 				},
 			},
-			Ports: []v1.ContainerPort{{ContainerPort: int32(port)}},
+			Ports: []v1.ContainerPort{
+				{
+					ContainerPort: int32(port),
+					Name:          fmt.Sprintf("serve-%d", port),
+				},
+			},
 			ReadinessProbe: &v1.Probe{
 				Handler: v1.Handler{
 					HTTPGet: &v1.HTTPGetAction{