From 164ebd8357be77462ab3022cf0ceda4ff1df8686 Mon Sep 17 00:00:00 2001 From: Or Mergi Date: Thu, 7 Nov 2024 19:12:57 +0200 Subject: [PATCH 1/2] test,networksegmentation: Test cluster UDN management using CRD Add tests for OVN-Kubernetes user-defined-network management using ClusterUserDefinedNetwork CRD. Signed-off-by: Or Mergi --- .../networking/network_segmentation.go | 378 +++++++++++++++++- 1 file changed, 377 insertions(+), 1 deletion(-) diff --git a/test/extended/networking/network_segmentation.go b/test/extended/networking/network_segmentation.go index 2c1c28c23377..8e9eb35cd385 100644 --- a/test/extended/networking/network_segmentation.go +++ b/test/extended/networking/network_segmentation.go @@ -552,7 +552,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User }), ) - Context("UserDefinedNetwork", func() { + Context("UserDefinedNetwork CRD controller", func() { const ( testUdnName = "test-net" userDefinedNetworkResource = "userdefinednetwork" @@ -682,6 +682,266 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User expectedMessage := fmt.Sprintf("primary network already exist in namespace %q: %q", f.Namespace.Name, primaryNadName) Expect(actualConditions[0].Message).To(Equal(expectedMessage)) }) + + Context("ClusterUserDefinedNetwork CRD Controller", func() { + const ( + testClusterUdnName = "test-cluster-net" + clusterUserDefinedNetworkResource = "clusteruserdefinednetwork" + ) + var ( + testTenantNamespaces []string + ) + BeforeEach(func() { + testTenantNamespaces = []string{ + f.Namespace.Name + "blue", + f.Namespace.Name + "red", + } + + By("Creating test tenants namespaces") + for _, nsName := range testTenantNamespaces { + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), nsName, metav1.DeleteOptions{}) + return err + }) + } + }) + + BeforeEach(func() { + By("create test CR") + cleanup, err := createManifest("", newClusterUDNManifest(testClusterUdnName, testTenantNamespaces...)) + DeferCleanup(func() error { + cleanup() + _, _ = e2ekubectl.RunKubectl("", "delete", clusterUserDefinedNetworkResource, testClusterUdnName) + return nil + }) + Expect(err).NotTo(HaveOccurred()) + Expect(waitForClusterUserDefinedNetworkReady(testClusterUdnName, 5*time.Second)).To(Succeed()) + }) + + It("should create NAD according to spec in each target namespace and report active namespaces", func() { + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, testTenantNamespaces...) + + udnUidRaw, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.metadata.uid}'") + Expect(err).NotTo(HaveOccurred(), "should get the ClsuterUserDefinedNetwork UID") + testUdnUID := strings.Trim(udnUidRaw, "'") + + By("verify a NetworkAttachmentDefinition is created according to spec") + for _, testNsName := range testTenantNamespaces { + assertClusterNADManifest(nadClient, testNsName, testClusterUdnName, testUdnUID) + } + }) + + It("when CR is deleted, should delete all managed NAD in each target namespace", func() { + By("delete test CR") + _, err := e2ekubectl.RunKubectl("", "delete", clusterUserDefinedNetworkResource, testClusterUdnName) + Expect(err).NotTo(HaveOccurred()) + + for _, nsName := range testTenantNamespaces { + By(fmt.Sprintf("verify a NAD has been deleted from namesapce %q", nsName)) + Eventually(func() bool { + _, err := nadClient.NetworkAttachmentDefinitions(nsName).Get(context.Background(), testClusterUdnName, metav1.GetOptions{}) + return err != nil && kerrors.IsNotFound(err) + }, time.Second*3, time.Second*1).Should(BeTrue(), + "NADs in target namespaces should be deleted following ClusterUserDefinedNetwork deletion") + } + }) + + It("should create NAD in new created namespaces that apply to namespace-selector", func() { + testNewNs := f.Namespace.Name + "green" + + By("add new target namespace to CR namespace-selector") + patch := fmt.Sprintf(`[{"op": "add", "path": "./spec/namespaceSelector/matchExpressions/0/values/-", "value": "%s"}]`, testNewNs) + _, err := e2ekubectl.RunKubectl("", "patch", clusterUserDefinedNetworkResource, testClusterUdnName, "--type=json", "-p="+patch) + Expect(err).NotTo(HaveOccurred()) + Expect(waitForClusterUserDefinedNetworkReady(testClusterUdnName, 5*time.Second)).To(Succeed()) + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, testTenantNamespaces...) + + By("create the new target namespace") + _, err = cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNewNs}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), testNewNs, metav1.DeleteOptions{}) + return err + }) + + expectedActiveNamespaces := append(testTenantNamespaces, testNewNs) + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, expectedActiveNamespaces...) + + udnUidRaw, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.metadata.uid}'") + Expect(err).NotTo(HaveOccurred(), "should get the ClsuterUserDefinedNetwork UID") + testUdnUID := strings.Trim(udnUidRaw, "'") + + By("verify a NAD exist in new namespace according to spec") + assertClusterNADManifest(nadClient, testNewNs, testClusterUdnName, testUdnUID) + }) + + When("namespace-selector is mutated", func() { + It("should create NAD in namespaces that apply to mutated namespace-selector", func() { + testNewNs := f.Namespace.Name + "green" + + By("create new namespace") + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNewNs}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), testNewNs, metav1.DeleteOptions{}) + return err + }) + + By("add new namespace to CR namespace-selector") + patch := fmt.Sprintf(`[{"op": "add", "path": "./spec/namespaceSelector/matchExpressions/0/values/-", "value": "%s"}]`, testNewNs) + _, err = e2ekubectl.RunKubectl("", "patch", clusterUserDefinedNetworkResource, testClusterUdnName, "--type=json", "-p="+patch) + Expect(err).NotTo(HaveOccurred()) + + By("verify status reports the new added namespace as active") + expectedActiveNs := append(testTenantNamespaces, testNewNs) + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, expectedActiveNs...) + + By("verify a NAD is created in new target namespace according to spec") + udnUidRaw, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.metadata.uid}'") + Expect(err).NotTo(HaveOccurred(), "should get the ClusterUserDefinedNetwork UID") + testUdnUID := strings.Trim(udnUidRaw, "'") + assertClusterNADManifest(nadClient, testNewNs, testClusterUdnName, testUdnUID) + }) + + It("should delete managed NAD in namespaces that no longer apply to namespace-selector", func() { + By("remove one active namespace from CR namespace-selector") + activeTenantNs := testTenantNamespaces[1] + patch := fmt.Sprintf(`[{"op": "replace", "path": "./spec/namespaceSelector/matchExpressions/0/values", "value": [%q]}]`, activeTenantNs) + _, err := e2ekubectl.RunKubectl("", "patch", clusterUserDefinedNetworkResource, testClusterUdnName, "--type=json", "-p="+patch) + Expect(err).NotTo(HaveOccurred()) + + By("verify status reports remained target namespaces only as active") + expectedActiveNs := []string{activeTenantNs} + assertClusterUDNStatusReportsActiveNamespaces(testClusterUdnName, expectedActiveNs...) + + removedTenantNs := testTenantNamespaces[0] + By("verify managed NAD not exist in removed target namespace") + Eventually(func() bool { + _, err := nadClient.NetworkAttachmentDefinitions(removedTenantNs).Get(context.Background(), testClusterUdnName, metav1.GetOptions{}) + return err != nil && kerrors.IsNotFound(err) + }, time.Second*300, time.Second*1).Should(BeTrue(), + "NAD in target namespaces should be deleted following CR namespace-selector mutation") + }) + }) + + Context("pod connected to ClusterUserDefinedNetwork", func() { + const testPodName = "test-pod-cluster-udn" + + var ( + udnInUseDeleteTimeout = 65 * time.Second + deleteNetworkTimeout = 5 * time.Second + deleteNetworkInterval = 1 * time.Second + + inUseNetTestTenantNamespace string + ) + + BeforeEach(func() { + inUseNetTestTenantNamespace = testTenantNamespaces[0] + + By("create pod in one of the test tenant namespaces") + networkAttachments := []nadapi.NetworkSelectionElement{ + {Name: testClusterUdnName, Namespace: inUseNetTestTenantNamespace}, + } + cfg := podConfig(testPodName, withNetworkAttachment(networkAttachments)) + cfg.namespace = inUseNetTestTenantNamespace + runUDNPod(cs, inUseNetTestTenantNamespace, *cfg, nil) + }) + + It("CR & managed NADs cannot be deleted when being used", func() { + By("verify CR cannot be deleted") + cmd := e2ekubectl.NewKubectlCommand("", "delete", clusterUserDefinedNetworkResource, testClusterUdnName) + cmd.WithTimeout(time.NewTimer(deleteNetworkTimeout).C) + _, err := cmd.Exec() + Expect(err).To(HaveOccurred(), "should fail to delete ClusterUserDefinedNetwork when used") + + By("verify CR associate NAD cannot be deleted") + Eventually(func() error { + ctx, cancel := context.WithTimeout(context.Background(), deleteNetworkTimeout) + defer cancel() + _ = nadClient.NetworkAttachmentDefinitions(inUseNetTestTenantNamespace).Delete(ctx, testClusterUdnName, metav1.DeleteOptions{}) + _, err := nadClient.NetworkAttachmentDefinitions(inUseNetTestTenantNamespace).Get(ctx, testClusterUdnName, metav1.GetOptions{}) + return err + }).ShouldNot(HaveOccurred(), + "should fail to delete UserDefinedNetwork associated NetworkAttachmentDefinition when used") + + By("verify CR status reports consuming pod") + conditionsJSON, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName, "-o", "jsonpath='{.status.conditions}'") + Expect(err).NotTo(HaveOccurred()) + assertClusterUDNStatusReportConsumers(conditionsJSON, testClusterUdnName, inUseNetTestTenantNamespace, testPodName) + + By("delete test pod") + err = cs.CoreV1().Pods(inUseNetTestTenantNamespace).Delete(context.Background(), testPodName, metav1.DeleteOptions{}) + Expect(err).ToNot(HaveOccurred()) + + By("verify CR is gone") + Eventually(func() error { + _, err := e2ekubectl.RunKubectl("", "get", clusterUserDefinedNetworkResource, testClusterUdnName) + return err + }, udnInUseDeleteTimeout, deleteNetworkInterval).Should(HaveOccurred(), + "ClusterUserDefinedNetwork should be deleted following test pod deletion") + + By("verify CR associate NADs are gone") + for _, nsName := range testTenantNamespaces { + Eventually(func() bool { + _, err := nadClient.NetworkAttachmentDefinitions(nsName).Get(context.Background(), testClusterUdnName, metav1.GetOptions{}) + return err != nil && kerrors.IsNotFound(err) + }, deleteNetworkTimeout, deleteNetworkInterval).Should(BeTrue(), + "NADs in target namespaces should be deleted following ClusterUserDefinedNetwork deletion") + } + }) + }) + }) + + It("when primary network exist, ClusterUserDefinedNetwork status should report not-ready", func() { + testTenantNamespaces := []string{ + f.Namespace.Name + "blue", + f.Namespace.Name + "red", + } + By("Creating test tenants namespaces") + for _, nsName := range testTenantNamespaces { + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + DeferCleanup(func() error { + err := cs.CoreV1().Namespaces().Delete(context.Background(), nsName, metav1.DeleteOptions{}) + return err + }) + } + + By("create primary network NAD in one of the tenant namespaces") + const primaryNadName = "some-primary-net" + primaryNetTenantNs := testTenantNamespaces[0] + primaryNetNad := generateNAD(newNetworkAttachmentConfig(networkAttachmentConfigParams{ + role: "primary", + topology: "layer3", + name: primaryNadName, + networkName: primaryNadName, + cidr: "10.10.100.0/24", + })) + _, err := nadClient.NetworkAttachmentDefinitions(primaryNetTenantNs).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + + By("create primary Cluster UDN CR") + const cudnName = "primary-net" + cleanup, err := createManifest(f.Namespace.Name, newPrimaryClusterUDNManifest(cudnName, testTenantNamespaces...)) + DeferCleanup(func() error { + cleanup() + _, _ = e2ekubectl.RunKubectl("", "delete", "clusteruserdefinednetwork", cudnName) + return nil + }) + + conditionsJSON, err := e2ekubectl.RunKubectl(f.Namespace.Name, "get", "clusteruserdefinednetwork", cudnName, "-o", "jsonpath={.status.conditions}") + Expect(err).NotTo(HaveOccurred()) + var actualConditions []metav1.Condition + Expect(json.Unmarshal([]byte(conditionsJSON), &actualConditions)).To(Succeed()) + + Expect(actualConditions[0].Type).To(Equal("NetworkReady")) + Expect(actualConditions[0].Status).To(Equal(metav1.ConditionFalse)) + Expect(actualConditions[0].Reason).To(Equal("NetworkAttachmentDefinitionSyncError")) + expectedMessage := fmt.Sprintf("primary network already exist in namespace %q: %q", primaryNetTenantNs, primaryNadName) + Expect(actualConditions[0].Message).To(Equal(expectedMessage)) + }) }) }) @@ -772,6 +1032,11 @@ func waitForUserDefinedNetworkReady(namespace, name string, timeout time.Duratio return err } +func waitForClusterUserDefinedNetworkReady(name string, timeout time.Duration) error { + _, err := e2ekubectl.RunKubectl("", "wait", "clusteruserdefinednetwork", name, "--for", "condition=NetworkReady=True", "--timeout", timeout.String()) + return err +} + func newPrimaryUserDefinedNetworkManifest(oc *exutil.CLI, name string) string { return ` apiVersion: k8s.ovn.org/v1 @@ -877,6 +1142,117 @@ func normalizeConditions(conditions []metav1.Condition) []metav1.Condition { return conditions } +func assertClusterNADManifest(nadClient nadclient.K8sCniCncfIoV1Interface, namespace, udnName, udnUID string) { + nad, err := nadClient.NetworkAttachmentDefinitions(namespace).Get(context.Background(), udnName, metav1.GetOptions{}) + Expect(err).NotTo(HaveOccurred()) + + ExpectWithOffset(1, nad.Name).To(Equal(udnName)) + ExpectWithOffset(1, nad.Namespace).To(Equal(namespace)) + ExpectWithOffset(1, nad.OwnerReferences).To(Equal([]metav1.OwnerReference{{ + APIVersion: "k8s.ovn.org/v1", + Kind: "ClusterUserDefinedNetwork", + Name: udnName, + UID: types.UID(udnUID), + BlockOwnerDeletion: pointer.Bool(true), + Controller: pointer.Bool(true), + }})) + ExpectWithOffset(1, nad.Labels).To(Equal(map[string]string{"k8s.ovn.org/user-defined-network": ""})) + ExpectWithOffset(1, nad.Finalizers).To(Equal([]string{"k8s.ovn.org/user-defined-network-protection"})) + + expectedNetworkName := "cluster.udn." + udnName + expectedNadName := namespace + "/" + udnName + ExpectWithOffset(1, nad.Spec.Config).To(MatchJSON(`{ + "cniVersion":"1.0.0", + "type": "ovn-k8s-cni-overlay", + "name": "` + expectedNetworkName + `", + "netAttachDefName": "` + expectedNadName + `", + "topology": "layer2", + "role": "secondary", + "subnets": "10.100.0.0/16" + }`)) +} + +func assertClusterUDNStatusReportsActiveNamespaces(cudnName string, expectedActiveNsNames ...string) { + conditionsRaw, err := e2ekubectl.RunKubectl("", "get", "clusteruserdefinednetwork", cudnName, "-o", "jsonpath='{.status.conditions}'") + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + conditionsRaw = strings.ReplaceAll(conditionsRaw, `\`, ``) + conditionsRaw = strings.ReplaceAll(conditionsRaw, `'`, ``) + var conditions []metav1.Condition + ExpectWithOffset(1, json.Unmarshal([]byte(conditionsRaw), &conditions)).To(Succeed()) + + c := conditions[0] + // equality matcher cannot be used since condition message namespaces order is inconsistent + ExpectWithOffset(1, c.Type).Should(Equal("NetworkReady")) + ExpectWithOffset(1, c.Status).Should(Equal(metav1.ConditionTrue)) + ExpectWithOffset(1, c.Reason).Should(Equal("NetworkAttachmentDefinitionReady")) + + ExpectWithOffset(1, c.Message).To(ContainSubstring("NetworkAttachmentDefinition has been created in following namespaces:")) + for _, ns := range expectedActiveNsNames { + Expect(c.Message).To(ContainSubstring(ns)) + } +} + +func assertClusterUDNStatusReportConsumers(conditionsJSON, udnName, udnNamespace, expectedPodName string) { + conditionsJSON = strings.ReplaceAll(conditionsJSON, `\`, ``) + conditionsJSON = strings.ReplaceAll(conditionsJSON, `'`, ``) + + var conditions []metav1.Condition + ExpectWithOffset(1, json.Unmarshal([]byte(conditionsJSON), &conditions)).To(Succeed()) + conditions = normalizeConditions(conditions) + expectedMsg := fmt.Sprintf("failed to delete NetworkAttachmentDefinition [%[1]s/%[2]s]: network in use by the following pods: [%[1]s/%[3]s]", + udnNamespace, udnName, expectedPodName) + ExpectWithOffset(1, conditions).To(Equal([]metav1.Condition{ + { + Type: "NetworkReady", + Status: "False", + Reason: "NetworkAttachmentDefinitionSyncError", + Message: expectedMsg, + }, + })) +} + +func newClusterUDNManifest(name string, targetNamespaces ...string) string { + targetNs := strings.Join(targetNamespaces, ",") + return ` +apiVersion: k8s.ovn.org/v1 +kind: ClusterUserDefinedNetwork +metadata: + name: ` + name + ` +spec: + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [ ` + targetNs + ` ] + network: + topology: Layer2 + layer2: + role: Secondary + subnets: ["10.100.0.0/16"] +` +} + +func newPrimaryClusterUDNManifest(name string, targetNamespaces ...string) string { + targetNs := strings.Join(targetNamespaces, ",") + return ` +apiVersion: k8s.ovn.org/v1 +kind: ClusterUserDefinedNetwork +metadata: + name: ` + name + ` +spec: + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [ ` + targetNs + ` ] + network: + topology: Layer3 + layer3: + role: Primary + subnets: [{cidr: "10.100.0.0/16"}] +` +} + func setRuntimeDefaultPSA(pod *v1.Pod) { dontEscape := false noRoot := true From 537c03320d67af536b84a9324bd2f071b6b5b43a Mon Sep 17 00:00:00 2001 From: Or Mergi Date: Thu, 7 Nov 2024 19:40:36 +0200 Subject: [PATCH 2/2] test,networksegmentation: connectivity & isolation coverage using CUDN Add additional case using the ClusterUserDefinedNetwork CRD for UDN connectivity and isolation tests. Since CUDN CRD is cluster scoped, it should be deleted after each test. Delete tests pods as part of the CUDN clean-up to unblock CR and associated NADs to deletion Signed-off-by: Or Mergi --- .../networking/network_segmentation.go | 48 ++++++++++++++-- .../generated/zz_generated.annotations.go | 32 ++++++++++- zz_generated.manifests/test-reporting.yaml | 57 +++++++++++++++++-- 3 files changed, 122 insertions(+), 15 deletions(-) diff --git a/test/extended/networking/network_segmentation.go b/test/extended/networking/network_segmentation.go index 8e9eb35cd385..65d669d399f9 100644 --- a/test/extended/networking/network_segmentation.go +++ b/test/extended/networking/network_segmentation.go @@ -550,6 +550,20 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User Expect(waitForUserDefinedNetworkReady(c.namespace, c.name, udnCrReadyTimeout)).To(Succeed()) return err }), + Entry("ClusterUserDefinedNetwork", func(c networkAttachmentConfigParams) error { + cudnManifest := generateClusterUserDefinedNetworkManifest(&c) + cleanup, err := createManifest("", cudnManifest) + DeferCleanup(func() { + cleanup() + By("delete pods in test namespace to unblock CUDN CR & associate NAD deletion") + _, err := e2ekubectl.RunKubectl(c.namespace, "delete", "pod", "--all") + Expect(err).NotTo(HaveOccurred()) + _, err = e2ekubectl.RunKubectl("", "delete", "clusteruserdefinednetwork", c.name) + Expect(err).NotTo(HaveOccurred()) + }) + Expect(waitForClusterUserDefinedNetworkReady(c.name, 5*time.Second)).To(Succeed()) + return err + }), ) Context("UserDefinedNetwork CRD controller", func() { @@ -945,13 +959,14 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User }) }) +var nadToUdnParams = map[string]string{ + "primary": "Primary", + "secondary": "Secondary", + "layer2": "Layer2", + "layer3": "Layer3", +} + func generateUserDefinedNetworkManifest(params *networkAttachmentConfigParams) string { - nadToUdnParams := map[string]string{ - "primary": "Primary", - "secondary": "Secondary", - "layer2": "Layer2", - "layer3": "Layer3", - } subnets := generateSubnetsYaml(params) return ` apiVersion: k8s.ovn.org/v1 @@ -967,6 +982,27 @@ spec: ` } +func generateClusterUserDefinedNetworkManifest(params *networkAttachmentConfigParams) string { + subnets := generateSubnetsYaml(params) + return ` +apiVersion: k8s.ovn.org/v1 +kind: ClusterUserDefinedNetwork +metadata: + name: ` + params.name + ` +spec: + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [` + params.namespace + `] + network: + topology: ` + nadToUdnParams[params.topology] + ` + ` + params.topology + `: + role: ` + nadToUdnParams[params.role] + ` + subnets: ` + subnets + ` +` +} + func generateSubnetsYaml(params *networkAttachmentConfigParams) string { if params.topology == "layer3" { l3Subnets := generateLayer3Subnets(params.cidr) diff --git a/test/extended/util/annotate/generated/zz_generated.annotations.go b/test/extended/util/annotate/generated/zz_generated.annotations.go index a7a4c6a72484..2b297f9bda82 100644 --- a/test/extended/util/annotate/generated/zz_generated.annotations.go +++ b/test/extended/util/annotate/generated/zz_generated.annotations.go @@ -1599,11 +1599,35 @@ var Annotations = map[string]string{ "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] EndpointSlices mirroring when using openshift ovn-kubernetes created using UserDefinedNetwork mirrors EndpointSlices managed by the default controller for namespaces with user defined primary networks L3 primary UDN, host-networked pods": " [Suite:openshift/conformance/parallel]", - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork pod connected to UserDefinedNetwork cannot be deleted when being used": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller pod connected to ClusterUserDefinedNetwork CR & managed NADs cannot be deleted when being used": " [Suite:openshift/conformance/parallel]", - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork should create NetworkAttachmentDefinition according to spec": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller should create NAD according to spec in each target namespace and report active namespaces": " [Suite:openshift/conformance/parallel]", - "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork should delete NetworkAttachmentDefinition when UserDefinedNetwork is deleted": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller should create NAD in new created namespaces that apply to namespace-selector": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller when CR is deleted, should delete all managed NAD in each target namespace": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller when namespace-selector is mutated should create NAD in namespaces that apply to mutated namespace-selector": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller when namespace-selector is mutated should delete managed NAD in namespaces that no longer apply to namespace-selector": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork CRD controller pod connected to UserDefinedNetwork cannot be deleted when being used": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should create NetworkAttachmentDefinition according to spec": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should delete NetworkAttachmentDefinition when UserDefinedNetwork is deleted": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork can perform east/west traffic between nodes for two pods connected over a L2 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork can perform east/west traffic between nodes two pods connected over a L3 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork is isolated from the default network with L2 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork is isolated from the default network with L3 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork isolates overlapping CIDRs with L2 primary UDN": " [Suite:openshift/conformance/parallel]", + + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN": " [Suite:openshift/conformance/parallel]", "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions can perform east/west traffic between nodes for two pods connected over a L2 primary UDN": " [Suite:openshift/conformance/parallel]", @@ -1629,6 +1653,8 @@ var Annotations = map[string]string{ "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes when primary network exist, ClusterUserDefinedNetwork status should report not-ready": " [Suite:openshift/conformance/parallel]", + "[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes when primary network exist, UserDefinedNetwork status should report not-ready": " [Suite:openshift/conformance/parallel]", "[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][Feature:Layer2LiveMigration] Kubevirt Virtual Machines when using openshift ovn-kubernetes with user defined networks and persistent ips configured created using NetworkAttachmentDefinitions [Suite:openshift/network/virtualization] should keep ip when the VM attached to a primary UDN is migrated between nodes": "", diff --git a/zz_generated.manifests/test-reporting.yaml b/zz_generated.manifests/test-reporting.yaml index a0becec6225c..5cb6367aaba6 100644 --- a/zz_generated.manifests/test-reporting.yaml +++ b/zz_generated.manifests/test-reporting.yaml @@ -195,14 +195,56 @@ spec: for namespaces with user defined primary networks L3 primary UDN, host-networked pods' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] - when using openshift ovn-kubernetes UserDefinedNetwork pod connected to UserDefinedNetwork - cannot be deleted when being used' + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + pod connected to ClusterUserDefinedNetwork CR & managed NADs cannot be deleted + when being used' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] - when using openshift ovn-kubernetes UserDefinedNetwork should create NetworkAttachmentDefinition - according to spec' + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + should create NAD according to spec in each target namespace and report active + namespaces' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] - when using openshift ovn-kubernetes UserDefinedNetwork should delete NetworkAttachmentDefinition - when UserDefinedNetwork is deleted' + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + should create NAD in new created namespaces that apply to namespace-selector' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + when CR is deleted, should delete all managed NAD in each target namespace' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + when namespace-selector is mutated should create NAD in namespaces that apply + to mutated namespace-selector' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes ClusterUserDefinedNetwork CRD Controller + when namespace-selector is mutated should delete managed NAD in namespaces + that no longer apply to namespace-selector' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes UserDefinedNetwork CRD controller pod + connected to UserDefinedNetwork cannot be deleted when being used' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should + create NetworkAttachmentDefinition according to spec' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes UserDefinedNetwork CRD controller should + delete NetworkAttachmentDefinition when UserDefinedNetwork is deleted' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + can perform east/west traffic between nodes for two pods connected over a + L2 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + can perform east/west traffic between nodes two pods connected over a L3 primary + UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + is isolated from the default network with L2 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + is isolated from the default network with L3 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + isolates overlapping CIDRs with L2 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes created using ClusterUserDefinedNetwork + isolates overlapping CIDRs with L3 primary UDN' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using NetworkAttachmentDefinitions can perform east/west traffic between nodes for two pods connected over a @@ -241,6 +283,9 @@ spec: - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes created using UserDefinedNetwork isolates overlapping CIDRs with L3 primary UDN' + - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] + when using openshift ovn-kubernetes when primary network exist, ClusterUserDefinedNetwork + status should report not-ready' - testName: '[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] when using openshift ovn-kubernetes when primary network exist, UserDefinedNetwork status should report not-ready'