-
Notifications
You must be signed in to change notification settings - Fork 346
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extended Post-installation test framework to support Network Policies #6367
Extended Post-installation test framework to support Network Policies #6367
Conversation
Signed-off-by: Kanha gupta <[email protected]>
The framework currently utilises runagnhostcommand function which needs some discussion because networkpolicy tests requires receiving error in order to ensure its working fine and therefore runagnhostcommand gives logs such as :
|
type AllEgressDenyConnectivityTest struct{} | ||
|
||
func init() { | ||
RegisterTest("all-egress-deny-connectivity", &AllEgressDenyConnectivityTest{}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I noticed that testsRegistry is map[string]Test
, how to guarantee the registered test cases' execution sequences? I suppose this depends on the basic Pod connectivity test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I haven't reviewed the PR yet, but all tests should be independent and we should not mandate any specific execution order.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sense, @kanha-gupta could you check and make sure there is no dependency between each test? In your current implementation, I think your NP tests depends on Pod connectivity tests deployment?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @luolanzone, Currently NP tests utilises Pod connectivity deployments that is client pod, echo same node pod and echo other node pod. Each NP test that is conducted first applies NP to required deployment and at the end, it deletes before proceeding to next test. This makes sure No error occurs and no test is executed with NP still applied to deployments. This would also help when we expand the number of NP test cases.
Should we create new deployments for NP ? I believe it would follow the same format of 2 deployments on first node and 1 deployment on second node ?
Signed-off-by: Kanha gupta <[email protected]>
if err != nil { | ||
return fmt.Errorf("error creating NetworkPolicy: %w", err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if err != nil { | |
return fmt.Errorf("error creating NetworkPolicy: %w", err) | |
} | |
if err != nil { | |
// Handle the case where the NetworkPolicy already exists | |
if errors.IsAlreadyExists(err) { | |
fmt.Fprintf(os.Stdout, "NetworkPolicy %s already exists in namespace %s\n", networkPolicy.Name, namespace) | |
return nil | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's worth checking this specific error as this is in a random namespace, having such check doesn't seem useful. Besides, none of other creations have performed such check, there is no reason to make NetworkPolicy special.
if err != nil { | ||
return fmt.Errorf("error creating NetworkPolicy: %w", err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's worth checking this specific error as this is in a random namespace, having such check doesn't seem useful. Besides, none of other creations have performed such check, there is no reason to make NetworkPolicy special.
Signed-off-by: Kanha gupta <[email protected]>
b990cb8
to
130dfc6
Compare
Hey mentors,
|
Signed-off-by: Kanha gupta <[email protected]>
Hey mentors, Changes have been pushed :) |
Signed-off-by: Kanha gupta <[email protected]>
Changes are pushed :) |
Yes, please use the |
Thanks a lot :) |
Signed-off-by: Kanha gupta <[email protected]>
59a3c66
to
a79dcec
Compare
/skip-all |
It supports All ingress deny policy and All egress deny policy to conduct testing.
Ingress gets applied on echoSameNode and echoOtherNode deployments and Egress is applied on client deployment in order to conduct testing.