SameLabels support for ACNP peer Namespace selection #4537
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## main #4537 +/- ##
==========================================
- Coverage 73.57% 68.51% -5.06%
==========================================
Files 410 403 -7
Lines 61105 58816 -2289
==========================================
- Hits 44956 40297 -4659
- Misses 13257 15711 +2454
+ Partials 2892 2808 -84
*This pull request uses carry forward flags. Click here to find out more.
|
Dyanngg
force-pushed
the
same-labels
branch
10 times, most recently
from
d9adf87
to
dbfd891
Compare
Dyanngg
changed the title
Dyanngg
force-pushed
the
same-labels
branch
2 times, most recently
from
9eb0b92
to
e18f8c6
Compare
|
/test-multicluster-e2e |
1 similar comment
|
/test-multicluster-e2e |
qiyueyao
reviewed
Jan 17, 2023
Thanks for the heads up. Updated the logic in these functions to better filter the ACNPs that need to be reprocessed |
|
@tnqn could you help review this? Hope to merge it by 1.11. Thanks |
|
/test-all |
Dyanngg
force-pushed
the
same-labels
branch
2 times, most recently
from
a2da5ad
to
70eccc8
Compare
Will do in a separate PR |
tnqn
reviewed
Mar 5, 2024
tnqn
previously approved these changes
Mar 14, 2024
test/e2e/antreapolicy_test.go
Outdated
| podIPs map[string][]string | ||
| p80, p81, p8080, p8081, p8082, p8085, p6443 int32 | ||
| nodes map[string]string | ||
| selfNamespace *crdv1beta1.PeerNamespaces |
There was a problem hiding this comment.
This is a "invariant" variable defined for reuse, right? I think it's more clear to initialize its value here, instead of in a function. So do other cases like "p80, p81, p8080, p8081, p8082, p8085, p6443".
test/e2e/k8s_util.go
Outdated
Comment on lines
846
to
847
| _, err := k.crdClient.CrdV1alpha3().Groups(namespace).Get(context.TODO(), name, metav1.GetOptions{}) | ||
| if err != nil { |
There was a problem hiding this comment.
I had a PR to simplify such code: no need to get a resource first as create will fail with a specific AlreadyExists error anyway.
tnqn
added
the
action/release-note
Signed-off-by: Dyanngg <dingyang@vmware.com>
Signed-off-by: Dyanngg <dingyang@vmware.com>
Signed-off-by: Dyanngg <dingyang@vmware.com>
Signed-off-by: Dyanngg <dingyang@vmware.com>
Signed-off-by: Dyanngg <dingyang@vmware.com>
Signed-off-by: Dyanngg <dingyang@vmware.com>
Signed-off-by: Dyanngg <dingyang@vmware.com>
|
In which version is this expected to be released? |
@jsalatiel It will be in the next release: v2.0 |
|
/test-all |
hongliangl
added a commit
to hongliangl/antrea
that referenced
this pull request
Apr 2, 2024
In NodeNetworkPolicy e2e tests, we have test the following cases: - Nodes to Nodes. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR antrea-io#4537. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl
added a commit
to hongliangl/antrea
that referenced
this pull request
Apr 2, 2024
In NodeNetworkPolicy e2e tests, we have the following cases: - Nodes to Nodes. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For the case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR antrea-io#4537. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl
added a commit
to hongliangl/antrea
that referenced
this pull request
Apr 2, 2024
In NodeNetworkPolicy e2e tests, we have the following cases: - Node to Node. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For the case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR antrea-io#4537. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl
added a commit
to hongliangl/antrea
that referenced
this pull request
Apr 9, 2024
In NodeNetworkPolicy e2e tests, we have the following cases: - Node to Nodes. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For the case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR antrea-io#4537. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the
sameLabelsfield in ACNP peer'snamespaces.The usecase for this field is to allow cluster admins to create ACNPs that
isolate Namespaces based on their label values. For example, if there are
numerous Namespaces in the cluster that has label tier=production and
other Namespaces with label tier=dev, admins can create a single ACNP
that says the production Namespaces can only communicate within
themselves, and same for the dev Namespaces.