Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #2662: Add in-cluster svc fqdn e2e test #2691

Merged
merged 1 commit into from Sep 1, 2021
Merged

Automated cherry pick of #2662: Add in-cluster svc fqdn e2e test #2691

merged 1 commit into from Sep 1, 2021

Conversation

GraysonWu
Copy link
Contributor

Cherry pick of #2662 on release-1.3.

#2662: Add in-cluster svc fqdn e2e test

For details on the cherry pick process, see the cherry pick requests page.

@GraysonWu
Add in-cluster svc fqdn e2e test
27a0458 
Add a new test case using in-cluster headless Services to test FQDN
policies, to avoid having a dependency on external connectivity. The reason we
use headless Service is that FQDN will use the IP from DNS A/AAAA records to
implement flows in the egress policy table. For a non-headless Service, the DNS
name resolves to the ClusterIP for the Service. But when traffic arrives to the
egress table, the dstIP has already been DNATed to the Endpoints IP by
AntreaProxy Service Load-Balancing, and the policies are not enforced correctly.
For a headless Service, the Endpoints IP will be directly returned by the DNS
server. In this case, FQDN based policies can be enforced successfully.

Signed-off-by: wgrayson <wgrayson@vmware.com>
@GraysonWu GraysonWu added the kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release label Sep 1, 2021
@codecov-commenter
Copy link

codecov-commenter commented Sep 1, 2021
edited

Codecov Report

Merging #2691 (27a0458) into release-1.3 (8c2abcd) will increase coverage by 19.61%.
The diff coverage is n/a.

Impacted file tree graph

@@               Coverage Diff                @@
##           release-1.3    #2691       +/-   ##
================================================
+ Coverage        41.05%   60.67%   +19.61%     
================================================
  Files              158      285      +127     
  Lines            19243    23004     +3761     
================================================
+ Hits              7900    13957     +6057     
+ Misses           10596     7547     -3049     
- Partials           747     1500      +753
Flag Coverage Δ
kind-e2e-tests 48.37% <ø> (?)
unit-tests 41.06% <ø> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/apiserver/handlers/webhook/convert_crd.go 2.56% <0.00%> (ø)
pkg/apiserver/handlers/webhook/mutation_labels.go 24.71% <0.00%> (ø)
...ontroller/crdmirroring/crdhandler/networkpolicy.go 11.86% <0.00%> (ø)
...g/agent/apiserver/handlers/featuregates/handler.go 82.35% <0.00%> (ø)
...clusterinformation/v1beta1/antreacontrollerinfo.go 0.00% <0.00%> (ø)
pkg/antctl/transform/common/transform.go 0.00% <0.00%> (ø)
pkg/legacyapis/system/install/install.go 100.00% <0.00%> (ø)
...s/externalversions/core/v1alpha2/externalentity.go 64.28% <0.00%> (ø)
pkg/apiserver/registry/networkpolicy/util.go 100.00% <0.00%> (ø)
pkg/signals/signals.go 100.00% <0.00%> (ø)
... and 229 more

@antoninbas
Copy link
Contributor

/test-e2e

@antoninbas antoninbas merged commit aa6218f into antrea-io:release-1.3 Sep 1, 2021
@antoninbas antoninbas deleted the automated-cherry-pick-of-#2662-upstream-release-1.3 branch September 1, 2021 20:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@antoninbas antoninbas antoninbas approved these changes

Assignees
No one assigned
Labels
kind/cherry-pick Categorizes issue or PR as related to the cherry-pick of a bug fix from the main branch to a release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@GraysonWu @codecov-commenter @antoninbas