Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e network policy enclose IPv6 destinations #96856

Merged
merged 1 commit into from Dec 9, 2020
Merged

e2e network policy enclose IPv6 destinations #96856

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
14 changes: 7 additions & 7 deletions test/e2e/network/network_policy.go
View file
Open in desktop
Expand Up @@ -21,6 +21,7 @@ import (
"encoding/json"
"fmt"
"net"
"strconv"
"time"

v1 "k8s.io/api/core/v1"
Expand Down Expand Up @@ -1033,7 +1034,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
ginkgo.By("client-b should not be able to communicate with server port 81 in namespace-a", func() {
testCannotConnect(f, nsB, "client-b", service, notAllowedPort)
})

})

ginkgo.It("should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]", func() {
Expand Down Expand Up @@ -1158,7 +1158,7 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
ginkgo.By("Creating a network policy for the server which allows traffic from all clients.")
policyIngressAllowAll := &networkingv1.NetworkPolicy{
ObjectMeta: metav1.ObjectMeta{
//Namespace: f.Namespace.Name,
// Namespace: f.Namespace.Name,
Name: "allow-all",
},
Spec: networkingv1.NetworkPolicySpec{
Expand Down Expand Up @@ -1333,7 +1333,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
ginkgo.By("Creating client-a which should be able to contact the server.", func() {
testCanConnect(f, f.Namespace, "client-a", service, 80)
})

})

ginkgo.It("should allow egress access to server in CIDR block [Feature:NetworkPolicy]", func() {
Expand Down Expand Up @@ -1580,7 +1579,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() {
ginkgo.By("Creating client-a which should still be able to contact the server after recreating the network policy with except clause.", func() {
testCanConnect(f, f.Namespace, "client-a", service, 80)
})

})

ginkgo.It("should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]", func() {
Expand Down Expand Up @@ -2144,7 +2142,7 @@ func createNetworkClientPodWithRestartPolicy(f *framework.Framework, namespace *
Command: []string{"/bin/sh"},
Args: []string{
"-c",
fmt.Sprintf("for i in $(seq 1 5); do /agnhost connect %s:%d --protocol %s --timeout 8s && exit 0 || sleep 1; done; exit 1", targetService.Spec.ClusterIP, targetPort, connectProtocol),
fmt.Sprintf("for i in $(seq 1 5); do /agnhost connect %s --protocol %s --timeout 8s && exit 0 || sleep 1; done; exit 1", net.JoinHostPort(targetService.Spec.ClusterIP, strconv.Itoa(targetPort)), connectProtocol),
},
},
},
Expand Down Expand Up @@ -2200,10 +2198,12 @@ var _ = SIGDescribe("NetworkPolicy API", func() {
npVersion := "v1"
npClient := f.ClientSet.NetworkingV1().NetworkPolicies(ns)
npTemplate := &networkingv1.NetworkPolicy{
ObjectMeta: metav1.ObjectMeta{GenerateName: "e2e-example-netpol",
ObjectMeta: metav1.ObjectMeta{
GenerateName: "e2e-example-netpol",
Labels: map[string]string{
"special-label": f.UniqueName,
}},
},
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is my linter things 🤷

},
Spec: networkingv1.NetworkPolicySpec{
// Apply this policy to the Server
PodSelector: metav1.LabelSelector{
Expand Down