From d4b14d6b7bd719e4b71b7a48780cf77e27c235eb Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Thu, 9 Jan 2025 17:13:20 -0500 Subject: [PATCH] Updates UDN tests with required NS label This label will be required for namespaces that wish to use a primary UDN. Signed-off-by: Tim Rozet --- test/extended/networking/livemigration.go | 19 ++++++- .../networking/network_segmentation.go | 56 ++++++++++++++++--- ...twork_segmentation_endpointslice_mirror.go | 42 +++++++++----- .../networking/network_segmentation_policy.go | 16 ++++-- 4 files changed, 106 insertions(+), 27 deletions(-) diff --git a/test/extended/networking/livemigration.go b/test/extended/networking/livemigration.go index 67e15b1a7ce9..f54df6fcbf6b 100644 --- a/test/extended/networking/livemigration.go +++ b/test/extended/networking/livemigration.go @@ -33,6 +33,8 @@ import ( var _ = Describe("[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][Feature:Layer2LiveMigration] Kubevirt Virtual Machines", func() { oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-e2e", admissionapi.LevelBaseline) f := oc.KubeFramework() + // disable automatic namespace creation, we need to add the required UDN label + f.SkipNamespaceCreation = true InOVNKubernetesContext(func() { var ( 
@@ -68,6 +70,15 @@ var _ = Describe("[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][F DescribeTable("[Suite:openshift/network/virtualization] should keep ip", func(netConfig networkAttachmentConfigParams, vmResource string, opCmd func(cli *kubevirt.Client, vmNamespace, vmName string)) { var err error + l := map[string]string{ + "e2e-framework": f.BaseName, + } + if netConfig.role == "primary" { + l[RequiredUDNNamespaceLabel] = "" + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns netConfig.namespace = f.Namespace.Name // correctCIDRFamily makes use of the ginkgo framework so it needs to be in the testcase netConfig.cidr = correctCIDRFamily(oc, cidrIPv4, cidrIPv6) @@ -219,6 +230,8 @@ var _ = Describe("[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][F var _ = Describe("[sig-network][Feature:Layer2LiveMigration][OCPFeatureGate:NetworkSegmentation][Suite:openshift/network/virtualization] primary UDN smoke test", func() { oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-e2e", admissionapi.LevelBaseline) f := oc.KubeFramework() + // disable automatic namespace creation, we need to add the required UDN label + f.SkipNamespaceCreation = true const ( nadName = "blue" @@ -235,7 +248,11 @@ var _ = Describe("[sig-network][Feature:Layer2LiveMigration][OCPFeatureGate:Netw BeforeEach(func() { cs = f.ClientSet - var err error + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = ns nadClient, err = nadclient.NewForConfig(f.ClientConfig()) Expect(err).NotTo(HaveOccurred()) }) diff --git a/test/extended/networking/network_segmentation.go b/test/extended/networking/network_segmentation.go index 104dd4b6c8b8..2d35fcb67bb0 100644 --- a/test/extended/networking/network_segmentation.go +++ b/test/extended/networking/network_segmentation.go 
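Review bot: The namespace setup added at the top of this table body (build the label map, add `RequiredUDNNamespaceLabel` for a primary role, call `f.CreateNamespace`, assign `f.Namespace`) is repeated almost verbatim in the hunks at -81, -161, -372, -658 and -695 of network_segmentation.go and in the BeforeEach blocks of the other files in this patch. The copies already differ in whether and when the error is checked. A single package-level helper would keep them in step, with each call site reduced to `createUDNTestNamespace(f, netConfig.role == "primary")`. The helper name is only a suggestion, and the table body continues outside the hunk.

```go
// createUDNTestNamespace creates the per-test namespace and, when the test
// uses a primary UDN, adds the label that opts the namespace in.
func createUDNTestNamespace(f *framework.Framework, primary bool) {
	labels := map[string]string{"e2e-framework": f.BaseName}
	if primary {
		labels[RequiredUDNNamespaceLabel] = ""
	}
	ns, err := f.CreateNamespace(context.TODO(), f.BaseName, labels)
	Expect(err).NotTo(HaveOccurred())
	f.Namespace = ns
}
```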
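Review bot: The error returned by `f.CreateNamespace` in this BeforeEach (hunk at -235) is never checked, because `err` is reassigned by `nadclient.NewForConfig` on the next statement. A failed namespace creation is therefore only noticed later, when `f.Namespace` is used. Add `Expect(err).NotTo(HaveOccurred())` directly after the `CreateNamespace` call and before `f.Namespace = ns`, as the table body earlier in this file does. The BeforeEach blocks added in network_segmentation_endpointslice_mirror.go and network_segmentation_policy.go do check the error, but only after assigning `f.Namespace`; checking first there too would be consistent.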
@@ -37,6 +37,7 @@ import ( ) const openDefaultPortsAnnotation = "k8s.ovn.org/open-default-ports" +const RequiredUDNNamespaceLabel = "k8s.ovn.org/primary-user-defined-network" var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks]", func() { // TODO: so far, only the isolation tests actually require this PSA ... Feels wrong to run everything priviliged. @@ -44,6 +45,8 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User // it didn't work. oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-e2e", admissionapi.LevelPrivileged) f := oc.KubeFramework() + // disable automatic namespace creation, we need to add the required UDN label + f.SkipNamespaceCreation = true InOVNKubernetesContext(func() { const ( @@ -72,7 +75,6 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User DescribeTableSubtree("created using", func(createNetworkFn func(c networkAttachmentConfigParams) error) { - DescribeTable( "can perform east/west traffic between nodes", func( @@ -81,6 +83,15 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User serverPodConfig podConfiguration, ) { var err error + l := map[string]string{ + "e2e-framework": f.BaseName, + } + if netConfig.role == "primary" { + l[RequiredUDNNamespaceLabel] = "" + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns netConfig.namespace = f.Namespace.Name // correctCIDRFamily makes use of the ginkgo framework so it needs to be in the testcase 
@@ -161,9 +172,18 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User netConfigParams networkAttachmentConfigParams, udnPodConfig podConfiguration, ) { + l := map[string]string{ + "e2e-framework": f.BaseName, + } + if netConfigParams.role == "primary" { + l[RequiredUDNNamespaceLabel] = "" + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns By("Creating second namespace for default network pods") defaultNetNamespace := f.Namespace.Name + "-default" - _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ + _, err = cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: defaultNetNamespace, }, @@ -372,7 +392,13 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User userDefinedv6Subnet string, ) { - + l := map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns red := "red" blue := "blue" @@ -388,7 +414,8 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User By("Creating namespace " + namespace) _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ - Name: namespace, + Name: namespace, + Labels: l, }, }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -555,7 +582,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User }), ) - Context("UserDefinedNetwork", func() { + Context("Secondary UserDefinedNetwork", func() { const ( testUdnName = "test-net" userDefinedNetworkResource = "userdefinednetwork" 
@@ -658,6 +685,14 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User primaryUdnName = "primary-net" ) + l := map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns + By("create primary network NetworkAttachmentDefinition") primaryNetNad := generateNAD(newNetworkAttachmentConfig(networkAttachmentConfigParams{ role: "primary", @@ -666,7 +701,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User networkName: primaryNadName, cidr: "10.10.100.0/24", })) - _, err := nadClient.NetworkAttachmentDefinitions(f.Namespace.Name).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) + _, err = nadClient.NetworkAttachmentDefinitions(f.Namespace.Name).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("create primary network UserDefinedNetwork") @@ -686,7 +721,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User Expect(actualConditions[0].Message).To(Equal(expectedMessage)) }) - Context("UDN Pod", func() { + Context("Primary UDN Pod", func() { const ( testUdnName = "test-net" testPodName = "test-pod-udn" @@ -695,6 +730,13 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User var udnPod *v1.Pod BeforeEach(func() { + l := map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns By("create tests UserDefinedNetwork") cleanup, err := createManifest(f.Namespace.Name, newPrimaryUserDefinedNetworkManifest(oc, testUdnName)) DeferCleanup(cleanup) 
diff --git a/test/extended/networking/network_segmentation_endpointslice_mirror.go b/test/extended/networking/network_segmentation_endpointslice_mirror.go index f3d8fb8529e0..682c85942669 100644 --- a/test/extended/networking/network_segmentation_endpointslice_mirror.go +++ b/test/extended/networking/network_segmentation_endpointslice_mirror.go @@ -30,6 +30,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User oc := exutil.NewCLIWithPodSecurityLevel("endpointslices-mirror-e2e", admissionapi.LevelPrivileged) f := oc.KubeFramework() + f.SkipNamespaceCreation = true InOVNKubernetesContext(func() { const ( userDefinedNetworkIPv4Subnet = "203.203.0.0/16" @@ -44,8 +45,12 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User BeforeEach(func() { cs = f.ClientSet - - var err error + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = namespace + Expect(err).NotTo(HaveOccurred()) nadClient, err = nadclient.NewForConfig(f.ClientConfig()) Expect(err).NotTo(HaveOccurred()) }) 
@@ -180,16 +185,25 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User func( netConfig networkAttachmentConfigParams, ) { + By("creating default net namespace") + defaultNetNamespace := &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: f.Namespace.Name + "-default", + }, + } + f.AddNamespacesToDelete(defaultNetNamespace) + _, err := cs.CoreV1().Namespaces().Create(context.Background(), defaultNetNamespace, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) By("creating the network") - netConfig.namespace = f.Namespace.Name + netConfig.namespace = defaultNetNamespace.Name Expect(createNetworkFn(netConfig)).To(Succeed()) By("deploying the backend pods") replicas := 3 for i := 0; i < replicas; i++ { - runUDNPod(cs, f.Namespace.Name, + runUDNPod(cs, defaultNetNamespace.Name, *podConfig(fmt.Sprintf("backend-%d", i), func(cfg *podConfiguration) { - cfg.namespace = f.Namespace.Name + cfg.namespace = defaultNetNamespace.Name // Add the net-attach annotation for secondary networks if netConfig.role == "secondary" { cfg.attachments = []nadapi.NetworkSelectionElement{{Name: netConfig.name}} 
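Review bot: The second namespace created at the top of this table body carries no `RequiredUDNNamespaceLabel`, and nothing says that the omission is deliberate. Since the rest of the patch adds the label wherever a namespace is created, a one-line comment above the literal would help, for example `// no RequiredUDNNamespaceLabel: this table covers namespaces that do not use a primary UDN`. That wording assumes this is the intent, which the later "asserting the mirrored EndpointSlice does not exist" step suggests. The table body starts and ends outside the hunk.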
@@ -208,12 +222,12 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User svc := e2eservice.CreateServiceSpec("test-service", "", false, map[string]string{"app": "test"}) familyPolicy := corev1.IPFamilyPolicyPreferDualStack svc.Spec.IPFamilyPolicy = &familyPolicy - _, err := cs.CoreV1().Services(f.Namespace.Name).Create(context.Background(), svc, metav1.CreateOptions{}) + _, err = cs.CoreV1().Services(defaultNetNamespace.Name).Create(context.Background(), svc, metav1.CreateOptions{}) framework.ExpectNoError(err, "Failed creating service %v", err) By("asserting the mirrored EndpointSlice does not exist") Eventually(func() error { - esList, err := cs.DiscoveryV1().EndpointSlices(f.Namespace.Name).List(context.TODO(), metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", "k8s.ovn.org/service-name", svc.Name)}) + esList, err := cs.DiscoveryV1().EndpointSlices(defaultNetNamespace.Name).List(context.TODO(), metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", "k8s.ovn.org/service-name", svc.Name)}) if err != nil { return err } @@ -225,20 +239,20 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User }, 2*time.Minute, 6*time.Second).Should(Succeed()) }, Entry( - "L2 dualstack primary UDN", + "L2 primary UDN", networkAttachmentConfigParams{ name: nadName, topology: "layer2", - cidr: fmt.Sprintf("%s,%s", userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), + cidr: correctCIDRFamily(oc, userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), role: "secondary", }, ), Entry( - "L3 dualstack primary UDN", + "L3 primary UDN", networkAttachmentConfigParams{ name: nadName, topology: "layer3", - cidr: fmt.Sprintf("%s,%s", userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), + cidr: correctCIDRFamily(oc, userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), role: "secondary", }, ), 
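Review bot: In the hunk at -225, `correctCIDRFamily(oc, ...)` is now evaluated as an `Entry` argument, that is, while the spec tree is being built rather than inside the table body. The comment kept in livemigration.go and network_segmentation.go says it "makes use of the ginkgo framework so it needs to be in the testcase". Dropping `cidr` from the two entries and assigning `netConfig.cidr = correctCIDRFamily(oc, userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet)` at the start of the table body would match those files. Separately, both entries are still titled "primary UDN" while they set `role: "secondary"`; since the titles are being edited anyway, `"L2 secondary UDN"` and `"L3 secondary UDN"` would describe them accurately.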
@@ -247,14 +261,14 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User Entry("NetworkAttachmentDefinitions", func(c networkAttachmentConfigParams) error { netConfig := newNetworkAttachmentConfig(c) nad := generateNAD(netConfig) - _, err := nadClient.NetworkAttachmentDefinitions(f.Namespace.Name).Create(context.Background(), nad, metav1.CreateOptions{}) + _, err := nadClient.NetworkAttachmentDefinitions(fmt.Sprintf("%s-default", f.Namespace.Name)).Create(context.Background(), nad, metav1.CreateOptions{}) return err }), Entry("UserDefinedNetwork", func(c networkAttachmentConfigParams) error { udnManifest := generateUserDefinedNetworkManifest(&c) - cleanup, err := createManifest(f.Namespace.Name, udnManifest) + cleanup, err := createManifest(fmt.Sprintf("%s-default", f.Namespace.Name), udnManifest) DeferCleanup(cleanup) - Expect(waitForUserDefinedNetworkReady(f.Namespace.Name, c.name, 5*time.Second)).To(Succeed()) + Expect(waitForUserDefinedNetworkReady(fmt.Sprintf("%s-default", f.Namespace.Name), c.name, 5*time.Second)).To(Succeed()) return err }), ) diff --git a/test/extended/networking/network_segmentation_policy.go b/test/extended/networking/network_segmentation_policy.go index d88248b4313c..360987788d02 100644 --- a/test/extended/networking/network_segmentation_policy.go +++ b/test/extended/networking/network_segmentation_policy.go @@ -25,6 +25,7 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-policy-e2e", admissionapi.LevelPrivileged) f := oc.KubeFramework() + f.SkipNamespaceCreation = true InOVNKubernetesContext(func() { const ( nodeHostnameKey = "kubernetes.io/hostname" 
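Review bot: The target namespace is rebuilt three times in these two entries with `fmt.Sprintf("%s-default", f.Namespace.Name)`, and each copy has to stay in sync with `f.Namespace.Name + "-default"` in the table body. The caller already sets `netConfig.namespace = defaultNetNamespace.Name` before calling `createNetworkFn`, so the closures could read the value they are handed: `nadClient.NetworkAttachmentDefinitions(c.namespace)`, `createManifest(c.namespace, udnManifest)` and `waitForUserDefinedNetworkReady(c.namespace, c.name, 5*time.Second)`. This assumes every caller of these functions fills in `namespace` first, which the hunk does not show.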
@@ -46,8 +47,12 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu ginkgo.BeforeEach(func() { cs = f.ClientSet - - var err error + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = namespace + gomega.Expect(err).NotTo(gomega.HaveOccurred()) nadClient, err = nadclient.NewForConfig(f.ClientConfig()) gomega.Expect(err).NotTo(gomega.HaveOccurred()) @@ -57,7 +62,8 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu ginkgo.By("Creating namespace " + namespace) ns, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ - Name: namespace, + Name: namespace, + Labels: map[string]string{RequiredUDNNamespaceLabel: ""}, }, }, metav1.CreateOptions{}) gomega.Expect(err).NotTo(gomega.HaveOccurred()) @@ -138,7 +144,7 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu }, ginkgo.Entry( - "in L2 dualstack primary UDN", + "in L2 primary UDN", "layer2", *podConfig( "client-pod", @@ -151,7 +157,7 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu ), ), ginkgo.Entry( - "in L3 dualstack primary UDN", + "in L3 primary UDN", "layer3", *podConfig( "client-pod",