k8s network policy legacy e2e test fails #2285
Comments
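Basically every test case that calls the testCannotConnect function fails. In the networklegacy cases, the check that a pod cannot connect is implemented by adding a startup script to the pod.
If the IP the script connects to is reachable, it returns exit 0 and the pod status is podSuccess. The reason is:
See whether this isPodAlive check needs to be removed. Also, the networklegacy and networkpolicy test cases are exactly the same,

Let's remove isPodAlive. As it stands this amounts to a security risk: the policy is not in effect for a period of time after startup.

The timing with which the networkpolicy ACL configuration is applied is also not very stable. For example, the kube-ovn-controller log
Capturing packets on the server side, any packet proves that the pod startup script has started executing, and the capture timestamp can be seen to be 1s earlier than the np update.
I tested calico and it does not have this timing problem; perhaps calico's ACLs take effect faster. I also observed that the startup script starts executing while the pod phase is still pending.

Need backport to release-1.11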
Expected Behavior
Actual Behavior
IPv4:
IPv6:
Steps to Reproduce the Problem
Additional Info
Kubernetes version:
Output of kubectl version:
kube-ovn version:
operation-system/kernel version:
Output of awk -F '=' '/PRETTY_NAME/ { print $2 }' /etc/os-release:
Output of uname -r: