diff --git a/test/extended/networking/network_segmentation.go b/test/extended/networking/network_segmentation.go index 2c1c28c23377..65d669d399f9 100644 --- a/test/extended/networking/network_segmentation.go +++ b/test/extended/networking/network_segmentation.go @@ -550,9 +550,23 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User Expect(waitForUserDefinedNetworkReady(c.namespace, c.name, udnCrReadyTimeout)).To(Succeed()) return err }), + Entry("ClusterUserDefinedNetwork", func(c networkAttachmentConfigParams) error { + cudnManifest := generateClusterUserDefinedNetworkManifest(&c) + cleanup, err := createManifest("", cudnManifest) + DeferCleanup(func() { + cleanup() + By("delete pods in test namespace to unblock CUDN CR & associate NAD deletion") + _, err := e2ekubectl.RunKubectl(c.namespace, "delete", "pod", "--all") + Expect(err).NotTo(HaveOccurred()) + _, err = e2ekubectl.RunKubectl("", "delete", "clusteruserdefinednetwork", c.name) + Expect(err).NotTo(HaveOccurred()) + }) + Expect(waitForClusterUserDefinedNetworkReady(c.name, 5*time.Second)).To(Succeed()) + return err + }), ) - Context("UserDefinedNetwork", func() { + Context("UserDefinedNetwork CRD controller", func() { const ( testUdnName = "test-net" userDefinedNetworkResource = "userdefinednetwork" @@ -682,16 +696,277 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User expectedMessage := fmt.Sprintf("primary network already exist in namespace %q: %q", f.Namespace.Name, primaryNadName) Expect(actualConditions[0].Message).To(Equal(expectedMessage)) }) + + Context("ClusterUserDefinedNetwork CRD Controller", func() { + const ( + testClusterUdnName = "test-cluster-net" + clusterUserDefinedNetworkResource = "clusteruserdefinednetwork" + ) + var ( + testTenantNamespaces []string + ) + BeforeEach(func() { + testTenantNamespaces = []string{ + f.Namespace.Name + "blue", + f.Namespace.Name + "red", + } + + By("Creating test tenants namespaces") + for _, nsName := range testTenantNamespaces { + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), nsName, metav1.DeleteOptions{}) + return err + }) + } + }) + + BeforeEach(func() { + By("create test CR") + cleanup, err := createManifest("", newClusterUDNManifest(testClusterUdnName, testTenantNamespaces...)) + DeferCleanup(func() error { + cleanup() + _, _ = e2ekubectl.RunKubectl("", "delete", clusterUserDefinedNetworkResource, testClusterUdnName) + return nil + }) + Expect(err).NotTo(HaveOccurred()) + Expect(waitForClusterUserDefinedNetworkReady(testClusterUdnName, 5*time.Second)).To(Succeed()) + }) + + It("should create NAD according to spec in each target namespace and report active namespaces", func() { + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, testTenantNamespaces...) + + udnUidRaw, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.metadata.uid}'") + Expect(err).NotTo(HaveOccurred(), "should get the ClsuterUserDefinedNetwork UID") + testUdnUID := strings.Trim(udnUidRaw, "'") + + By("verify a NetworkAttachmentDefinition is created according to spec") + for _, testNsName := range testTenantNamespaces { + assertClusterNADManifest(nadClient, testNsName, testClusterUdnName, testUdnUID) + } + }) + + It("when CR is deleted, should delete all managed NAD in each target namespace", func() { + By("delete test CR") + _, err := e2ekubectl.RunKubectl("", "delete", clusterUserDefinedNetworkResource, testClusterUdnName) + Expect(err).NotTo(HaveOccurred()) + + for _, nsName := range testTenantNamespaces { + By(fmt.Sprintf("verify a NAD has been deleted from namesapce %q", nsName)) + Eventually(func() bool { + _, err := nadClient.NetworkAttachmentDefinitions(nsName).Get(context.Background(), testClusterUdnName, metav1.GetOptions{}) + return err != nil && kerrors.IsNotFound(err) + }, time.Second*3, time.Second*1).Should(BeTrue(), + "NADs in target namespaces should be deleted following ClusterUserDefinedNetwork deletion") + } + }) + + It("should create NAD in new created namespaces that apply to namespace-selector", func() { + testNewNs := f.Namespace.Name + "green" + + By("add new target namespace to CR namespace-selector") + patch := fmt.Sprintf(`[{"op": "add", "path": "./spec/namespaceSelector/matchExpressions/0/values/-", "value": "%s"}]`, testNewNs) + _, err := e2ekubectl.RunKubectl("", "patch", clusterUserDefinedNetworkResource, testClusterUdnName, "--type=json", "-p="+patch) + Expect(err).NotTo(HaveOccurred()) + Expect(waitForClusterUserDefinedNetworkReady(testClusterUdnName, 5*time.Second)).To(Succeed()) + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, testTenantNamespaces...) + + By("create the new target namespace") + _, err = cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNewNs}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), testNewNs, metav1.DeleteOptions{}) + return err + }) + + expectedActiveNamespaces := append(testTenantNamespaces, testNewNs) + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, expectedActiveNamespaces...) + + udnUidRaw, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.metadata.uid}'") + Expect(err).NotTo(HaveOccurred(), "should get the ClsuterUserDefinedNetwork UID") + testUdnUID := strings.Trim(udnUidRaw, "'") + + By("verify a NAD exist in new namespace according to spec") + assertClusterNADManifest(nadClient, testNewNs, testClusterUdnName, testUdnUID) + }) + + When("namespace-selector is mutated", func() { + It("should create NAD in namespaces that apply to mutated namespace-selector", func() { + testNewNs := f.Namespace.Name + "green" + + By("create new namespace") + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNewNs}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), testNewNs, metav1.DeleteOptions{}) + return err + }) + + By("add new namespace to CR namespace-selector") + patch := fmt.Sprintf(`[{"op": "add", "path": "./spec/namespaceSelector/matchExpressions/0/values/-", "value": "%s"}]`, testNewNs) + _, err = e2ekubectl.RunKubectl("", "patch", clusterUserDefinedNetworkResource, testClusterUdnName, "--type=json", "-p="+patch) + Expect(err).NotTo(HaveOccurred()) + + By("verify status reports the new added namespace as active") + expectedActiveNs := append(testTenantNamespaces, testNewNs) + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, expectedActiveNs...) + + By("verify a NAD is created in new target namespace according to spec") + udnUidRaw, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.metadata.uid}'") + Expect(err).NotTo(HaveOccurred(), "should get the ClusterUserDefinedNetwork UID") + testUdnUID := strings.Trim(udnUidRaw, "'") + assertClusterNADManifest(nadClient, testNewNs, testClusterUdnName, testUdnUID) + }) + + It("should delete managed NAD in namespaces that no longer apply to namespace-selector", func() { + By("remove one active namespace from CR namespace-selector") + activeTenantNs := testTenantNamespaces[1] + patch := fmt.Sprintf(`[{"op": "replace", "path": "./spec/namespaceSelector/matchExpressions/0/values", "value": [%q]}]`, activeTenantNs) + _, err := e2ekubectl.RunKubectl("", "patch", clusterUserDefinedNetworkResource, testClusterUdnName, "--type=json", "-p="+patch) + Expect(err).NotTo(HaveOccurred()) + + By("verify status reports remained target namespaces only as active") + expectedActiveNs := []string{activeTenantNs} + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, expectedActiveNs...) + + removedTenantNs := testTenantNamespaces[0] + By("verify managed NAD not exist in removed target namespace") + Eventually(func() bool { + _, err := nadClient.NetworkAttachmentDefinitions(removedTenantNs).Get(context.Background(), testClusterUdnName, metav1.GetOptions{}) + return err != nil && kerrors.IsNotFound(err) + }, time.Second*300, time.Second*1).Should(BeTrue(), + "NAD in target namespaces should be deleted following CR namespace-selector mutation") + }) + }) + + Context("pod connected to ClusterUserDefinedNetwork", func() { + const testPodName = "test-pod-cluster-udn" + + var ( + udnInUseDeleteTimeout = 65 * time.Second + deleteNetworkTimeout = 5 * time.Second + deleteNetworkInterval = 1 * time.Second + + inUseNetTestTenantNamespace string + ) + + BeforeEach(func() { + inUseNetTestTenantNamespace = testTenantNamespaces[0] + + By("create pod in one of the test tenant namespaces") + networkAttachments := []nadapi.NetworkSelectionElement{ + {Name: testClusterUdnName, Namespace: inUseNetTestTenantNamespace}, + } + cfg := podConfig(testPodName, withNetworkAttachment(networkAttachments)) + cfg.namespace = inUseNetTestTenantNamespace + runUDNPod(cs, inUseNetTestTenantNamespace, *cfg, nil) + }) + + It("CR & managed NADs cannot be deleted when being used", func() { + By("verify CR cannot be deleted") + cmd := e2ekubectl.NewKubectlCommand("", "delete", clusterUserDefinedNetworkResource, testClusterUdnName) + cmd.WithTimeout(time.NewTimer(deleteNetworkTimeout).C) + _, err := cmd.Exec() + Expect(err).To(HaveOccurred(), "should fail to delete ClusterUserDefinedNetwork when used") + + By("verify CR associate NAD cannot be deleted") + Eventually(func() error { + ctx, cancel := context.WithTimeout(context.Background(), deleteNetworkTimeout) + defer cancel() + _ = nadClient.NetworkAttachmentDefinitions(inUseNetTestTenantNamespace).Delete(ctx, testClusterUdnName, metav1.DeleteOptions{}) + _, err := nadClient.NetworkAttachmentDefinitions(inUseNetTestTenantNamespace).Get(ctx, testClusterUdnName, metav1.GetOptions{}) + return err + }).ShouldNot(HaveOccurred(), + "should fail to delete UserDefinedNetwork associated NetworkAttachmentDefinition when used") + + By("verify CR status reports consuming pod") + conditionsJSON, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.status.conditions}'") + Expect(err).NotTo(HaveOccurred()) + assertClusterUDNStatusReportConsumers(conditionsJSON, testClusterUdnName, inUseNetTestTenantNamespace, testPodName) + + By("delete test pod") + err = cs.CoreV1().Pods(inUseNetTestTenantNamespace).Delete(context.Background(), testPodName, metav1.DeleteOptions{}) + Expect(err).ToNot(HaveOccurred()) + + By("verify CR is gone") + Eventually(func() error { + _, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName) + return err + }, udnInUseDeleteTimeout, deleteNetworkInterval).Should(HaveOccurred(), + "ClusterUserDefinedNetwork should be deleted following test pod deletion") + + By("verify CR associate NADs are gone") + for _, nsName := range testTenantNamespaces { + Eventually(func() bool { + _, err := nadClient.NetworkAttachmentDefinitions(nsName).Get(context.Background(), testClusterUdnName, metav1.GetOptions{}) + return err != nil && kerrors.IsNotFound(err) + }, deleteNetworkTimeout, deleteNetworkInterval).Should(BeTrue(), + "NADs in target namespaces should be deleted following ClusterUserDefinedNetwork deletion") + } + }) + }) + }) + + It("when primary network exist, ClusterUserDefinedNetwork status should report not-ready", func() { + testTenantNamespaces := []string{ + f.Namespace.Name + "blue", + f.Namespace.Name + "red", + } + By("Creating test tenants namespaces") + for _, nsName := range testTenantNamespaces { + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), nsName, metav1.DeleteOptions{}) + return err + }) + } + + By("create primary network NAD in one of the tenant namespaces") + const primaryNadName = "some-primary-net" + primaryNetTenantNs := testTenantNamespaces[0] + primaryNetNad := generateNAD(newNetworkAttachmentConfig(networkAttachmentConfigParams{ + role: "primary", + topology: "layer3", + name: primaryNadName, + networkName: primaryNadName, + cidr: "10.10.100.0/24", + })) + _, err := nadClient.NetworkAttachmentDefinitions(primaryNetTenantNs).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + + By("create primary Cluster UDN CR") + const cudnName = "primary-net" + cleanup, err := createManifest(f.Namespace.Name, newPrimaryClusterUDNManifest(cudnName, testTenantNamespaces...)) + DeferCleanup(func() error { + cleanup() + _, _ = e2ekubectl.RunKubectl("", "delete", "clusteruserdefinednetwork", cudnName) + return nil + }) + + conditionsJSON, err := e2ekubectl.RunKubectl(f.Namespace.Name, "get", "clusteruserdefinednetwork", cudnName, "-o", "jsonpath={.status.conditions}") + Expect(err).NotTo(HaveOccurred()) + var actualConditions []metav1.Condition + Expect(json.Unmarshal([]byte(conditionsJSON), &actualConditions)).To(Succeed()) + + Expect(actualConditions[0].Type).To(Equal("NetworkReady")) + Expect(actualConditions[0].Status).To(Equal(metav1.ConditionFalse)) + Expect(actualConditions[0].Reason).To(Equal("NetworkAttachmentDefinitionSyncError")) + expectedMessage := fmt.Sprintf("primary network already exist in namespace %q: %q", primaryNetTenantNs, primaryNadName) + Expect(actualConditions[0].Message).To(Equal(expectedMessage)) + }) }) }) +var nadToUdnParams = map[string]string{ + "primary": "Primary", + "secondary": "Secondary", + "layer2": "Layer2", + "layer3": "Layer3", +} + func generateUserDefinedNetworkManifest(params *networkAttachmentConfigParams) string { - nadToUdnParams := map[string]string{ - "primary": "Primary", - "secondary": "Secondary", - "layer2": "Layer2", - "layer3": "Layer3", - } subnets := generateSubnetsYaml(params) return ` apiVersion: k8s.ovn.org/v1 @@ -707,6 +982,27 @@ spec: ` } +func generateClusterUserDefinedNetworkManifest(params *networkAttachmentConfigParams) string { + subnets := generateSubnetsYaml(params) + return ` +apiVersion: k8s.ovn.org/v1 +kind: ClusterUserDefinedNetwork +metadata: + name: ` + params.name + ` +spec: + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [` + params.namespace + `] + network: + topology: ` + nadToUdnParams[params.topology] + ` + ` + params.topology + `: + role: ` + nadToUdnParams[params.role] + ` + subnets: ` + subnets + ` +` +} + func generateSubnetsYaml(params *networkAttachmentConfigParams) string { if params.topology == "layer3" { l3Subnets := generateLayer3Subnets(params.cidr) @@ -772,6 +1068,11 @@ func waitForUserDefinedNetworkReady(namespace, name string, timeout time.Duratio return err } +func waitForClusterUserDefinedNetworkReady(name string, timeout time.Duration) error { + _, err := e2ekubectl.RunKubectl("", "wait", "clusteruserdefinednetwork", name, "--for", "condition=NetworkReady=True", "--timeout", timeout.String()) + return err +} + func newPrimaryUserDefinedNetworkManifest(oc *exutil.CLI, name string) string { return ` apiVersion: k8s.ovn.org/v1 @@ -877,6 +1178,117 @@ func normalizeConditions(conditions []metav1.Condition) []metav1.Condition { return conditions } +func assertClusterNADManifest(nadClient nadclient.K8sCniCncfIoV1Interface, namespace, udnName, udnUID string) { + nad, err := nadClient.NetworkAttachmentDefinitions(namespace).Get(context.Background(), udnName, metav1.GetOptions{}) + Expect(err).NotTo(HaveOccurred()) + + ExpectWithOffset(1, nad.Name).To(Equal(udnName)) + ExpectWithOffset(1, nad.Namespace).To(Equal(namespace)) + ExpectWithOffset(1, nad.OwnerReferences).To(Equal([]metav1.OwnerReference{{ + APIVersion: "k8s.ovn.org/v1", + Kind: "ClusterUserDefinedNetwork", + Name: udnName, + UID: types.UID(udnUID), + BlockOwnerDeletion: pointer.Bool(true), + Controller: pointer.Bool(true), + }})) + ExpectWithOffset(1, nad.Labels).To(Equal(map[string]string{"k8s.ovn.org/user-defined-network": ""})) + ExpectWithOffset(1, nad.Finalizers).To(Equal([]string{"k8s.ovn.org/user-defined-network-protection"})) + + expectedNetworkName := "cluster.udn." + udnName + expectedNadName := namespace + "/" + udnName + ExpectWithOffset(1, nad.Spec.Config).To(MatchJSON(`{ + "cniVersion":"1.0.0", + "type": "ovn-k8s-cni-overlay", + "name": "` + expectedNetworkName + `", + "netAttachDefName": "` + expectedNadName + `", + "topology": "layer2", + "role": "secondary", + "subnets": "10.100.0.0/16" + }`)) +} + +func assertClusterUDNStatusReportsActiveNamespaces(cudnName string, expectedActiveNsNames ...string) { + conditionsRaw, err := e2ekubectl.RunKubectl("", "get", "clusteruserdefinednetwork", cudnName, "-o", "jsonpath='{.status.conditions}'") + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + conditionsRaw = strings.ReplaceAll(conditionsRaw, `\`, ``) + conditionsRaw = strings.ReplaceAll(conditionsRaw, `'`, ``) + var conditions []metav1.Condition + ExpectWithOffset(1, json.Unmarshal([]byte(conditionsRaw), &conditions)).To(Succeed()) + + c := conditions[0] + // equality matcher cannot be used since condition message namespaces order is inconsistent + ExpectWithOffset(1, c.Type).Should(Equal("NetworkReady")) + ExpectWithOffset(1, c.Status).Should(Equal(metav1.ConditionTrue)) + ExpectWithOffset(1, c.Reason).Should(Equal("NetworkAttachmentDefinitionReady")) + + ExpectWithOffset(1, c.Message).To(ContainSubstring("NetworkAttachmentDefinition has been created in following namespaces:")) + for _, ns := range expectedActiveNsNames { + Expect(c.Message).To(ContainSubstring(ns)) + } +} + +func assertClusterUDNStatusReportConsumers(conditionsJSON, udnName, udnNamespace, expectedPodName string) { + conditionsJSON = strings.ReplaceAll(conditionsJSON, `\`, ``) + conditionsJSON = strings.ReplaceAll(conditionsJSON, `'`, ``) + + var conditions []metav1.Condition + ExpectWithOffset(1, json.Unmarshal([]byte(conditionsJSON), &conditions)).To(Succeed()) + conditions = normalizeConditions(conditions) + expectedMsg := fmt.Sprintf("failed to delete NetworkAttachmentDefinition [%[1]s/%[2]s]: network in use by the following pods: [%[1]s/%[3]s]", + udnNamespace, udnName, expectedPodName) + ExpectWithOffset(1, conditions).To(Equal([]metav1.Condition{ + { + Type: "NetworkReady", + Status: "False", + Reason: "NetworkAttachmentDefinitionSyncError", + Message: expectedMsg, + }, + })) +} + +func newClusterUDNManifest(name string, targetNamespaces ...string) string { + targetNs := strings.Join(targetNamespaces, ",") + return ` +apiVersion: k8s.ovn.org/v1 +kind: ClusterUserDefinedNetwork +metadata: + name: ` + name + ` +spec: + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [ ` + targetNs + ` ] + network: + topology: Layer2 + layer2: + role: Secondary + subnets: ["10.100.0.0/16"] +` +} + +func newPrimaryClusterUDNManifest(name string, targetNamespaces ...string) string { + targetNs := strings.Join(targetNamespaces, ",") + return ` +apiVersion: k8s.ovn.org/v1 +kind: ClusterUserDefinedNetwork +metadata: + name: ` + name + ` +spec: + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [ ` + targetNs + ` ] + network: + topology: Layer3 + layer3: + role: Primary + subnets: [{cidr: "10.100.0.0/16"}] +` +} + func setRuntimeDefaultPSA(pod *v1.Pod) { dontEscape := false noRoot := true diff --git a/test/extended/util/annotate/generated/zz_generated.annotations.go b/test/extended/util/annotate/generated/zz_generated.annotations.go index a7a4c6a72484..2b297f9bda82 100644 --- a/test/extended/util/annotate/generated/zz_generated.annotations.go +++ b/test/extended/util/annotate/generated/zz_generated.annotations.go @@ -1599,11 +1599,35 @@ var Annotations = map[string]string{ "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] EndpointSlices mirroring when using openshift ovn-kubernetes created using UserDefinedNetwork mirrors EndpointSlices managed by the default controller for namespaces with user defined primary networks L3 primary UDN, host-networked pods": " [Suite:openshift/conformance/parallel]", - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork pod connected to UserDefinedNetwork cannot be deleted when being used": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller pod connected to ClusterUserDefinedNetwork CR & managed NADs cannot be deleted when being used": " [Suite:openshift/conformance/parallel]", - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork should create NetworkAttachmentDefinition according to spec": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller should create NAD according to spec in each target namespace and report active namespaces": " [Suite:openshift/conformance/parallel]", - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork should delete NetworkAttachmentDefinition when UserDefinedNetwork is deleted": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller should create NAD in new created namespaces that apply to namespace-selector": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller when CR is deleted, should delete all managed NAD in each target namespace": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller when namespace-selector is mutated should create NAD in namespaces that apply to mutated namespace-selector": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller when namespace-selector is mutated should delete managed NAD in namespaces that no longer apply to namespace-selector": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork CRD controller pod connected to UserDefinedNetwork cannot be deleted when being used": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should create NetworkAttachmentDefinition according to spec": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should delete NetworkAttachmentDefinition when UserDefinedNetwork is deleted": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork can perform east/west traffic between nodes for two pods connected over a L2 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork can perform east/west traffic between nodes two pods connected over a L3 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork is isolated from the default network with L2 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork is isolated from the default network with L3 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork isolates overlapping CIDRs with L2 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN": " [Suite:openshift/conformance/parallel]", "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions can perform east/west traffic between nodes for two pods connected over a L2 primary UDN": " [Suite:openshift/conformance/parallel]", @@ -1629,6 +1653,8 @@ var Annotations = map[string]string{ "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes when primary network exist, ClusterUserDefinedNetwork status should report not-ready": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes when primary network exist, UserDefinedNetwork status should report not-ready": " [Suite:openshift/conformance/parallel]", "[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][Feature:Layer2LiveMigration] Kubevirt Virtual Machines when using openshift ovn-kubernetes with user defined networks and persistent ips configured created using NetworkAttachmentDefinitions [Suite:openshift/network/virtualization] should keep ip when the VM attached to a primary UDN is migrated between nodes": "", diff --git a/zz_generated.manifests/test-reporting.yaml b/zz_generated.manifests/test-reporting.yaml index a0becec6225c..5cb6367aaba6 100644 --- a/zz_generated.manifests/test-reporting.yaml +++ b/zz_generated.manifests/test-reporting.yaml @@ -195,14 +195,56 @@ spec: for namespaces with user defined primary networks L3 primary UDN, host-networked pods' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] - when using openshift ovn-kubernetes UserDefinedNetwork pod connected to UserDefinedNetwork - cannot be deleted when being used' + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + pod connected to ClusterUserDefinedNetwork CR & managed NADs cannot be deleted + when being used' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] - when using openshift ovn-kubernetes UserDefinedNetwork should create NetworkAttachmentDefinition - according to spec' + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + should create NAD according to spec in each target namespace and report active + namespaces' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] - when using openshift ovn-kubernetes UserDefinedNetwork should delete NetworkAttachmentDefinition - when UserDefinedNetwork is deleted' + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + should create NAD in new created namespaces that apply to namespace-selector' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + when CR is deleted, should delete all managed NAD in each target namespace' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + when namespace-selector is mutated should create NAD in namespaces that apply + to mutated namespace-selector' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + when namespace-selector is mutated should delete managed NAD in namespaces + that no longer apply to namespace-selector' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes UserDefinedNetwork CRD controller pod + connected to UserDefinedNetwork cannot be deleted when being used' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should + create NetworkAttachmentDefinition according to spec' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should + delete NetworkAttachmentDefinition when UserDefinedNetwork is deleted' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + can perform east/west traffic between nodes for two pods connected over a + L2 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + can perform east/west traffic between nodes two pods connected over a L3 primary + UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + is isolated from the default network with L2 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + is isolated from the default network with L3 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + isolates overlapping CIDRs with L2 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + isolates overlapping CIDRs with L3 primary UDN' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions can perform east/west traffic between nodes for two pods connected over a @@ -241,6 +283,9 @@ spec: - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes when primary network exist, ClusterUserDefinedNetwork + status should report not-ready' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes when primary network exist, UserDefinedNetwork status should report not-ready'