Fix NodeNetworkPolicy e2e test failure

In NodeNetworkPolicy e2e tests, we have the following cases: - Node to Node. We deploy two hostNetwork Pods on different Nodes. - Node to remote Pods. We deploy a hostNetwork Pod on a Node and a non-hostNetwork Pod on another Node. For the case of Node to local Pods, we don't test it since the UDP probing from a non-hostNetwork Pod to the hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request packets, resulting in the failure of test Pods initialization. This PR fixes the e2e test failure by reverting the test Pods initialization modified by PR antrea-io#4537. Signed-off-by: Hongliang Liu <lhongliang@vmware.com>
hongliangl · Apr 2, 2024 · 672c021 · 672c021
1 parent 8d3f4c3
commit 672c021
Showing 1 changed file with 32 additions and 10 deletions.
diff --git a/test/e2e/nodenetworkpolicy_test.go b/test/e2e/nodenetworkpolicy_test.go
@@ -29,7 +29,7 @@ import (
 
 const labelNodeHostname = "kubernetes.io/hostname"
 
-func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetworkPod bool) {
+func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, testNodeToNode bool) {
 	p80 = 80
 	p81 = 81
 	p8080 = 8080
@@ -39,22 +39,42 @@ func initializeAntreaNodeNetworkPolicy(t *testing.T, data *TestData, toHostNetwo
 	podsPerNamespace = []string{"a"}
 	suffix := randName("")
 	namespaces = make(map[string]TestNamespaceMeta)
-	for _, ns := range []string{"x", "y", "z"} {
-		namespaces[ns] = TestNamespaceMeta{
-			Name: ns + "-" + suffix,
-		}
-	}
 	nodes = make(map[string]string)
-	nodes["x"] = controlPlaneNodeName()
-	nodes["y"] = workerNodeName(1)
 	hostNetworks := make(map[string]bool)
+
+	// Deploy a hostNetwork Pod in Namespace with prefix "x-" on a Node.
+	nodes["x"] = nodeName(0)
 	hostNetworks["x"] = true
-	if toHostNetworkPod {
+	namespaces["x"] = TestNamespaceMeta{
+		Name: "x-" + suffix,
+	}
+
+	if testNodeToNode {
+		// To test NodeNetworkPolicy between Nodes, deploy another hostNetwork Pod in Namespace prefixed with "y-" on
+		// another Node. Pod in Namespace with prefix "z-" is not needed.
+		nodes["y"] = nodeName(1)
 		hostNetworks["y"] = true
+		namespaces["y"] = TestNamespaceMeta{
+			Name: "y-" + suffix,
+		}
 	} else {
+		// To test NodeNetworkPolicy between Node and Pods, deploy another two non-hostNetwork Pods in Namespaces
+		// prefixed with "y-" and "z-", respectively, on another Node.
+		// It is important to note that we avoid deploying non-hostNetwork Pods and hostNetwork Pods on the same Node
+		// for this test. If so, after all test Pods are created, the UDP probing from a non-hostNetwork Pod to the
+		// hostNetwork Pod deployed on the same Node will get a failure. The reason is that the reply packets use the
+		// local Antrea gateway IP as source IP, instead of the local Node IP, which is the destination IP of the request
+		// packets.
+		nodes["y"] = nodeName(1)
 		hostNetworks["y"] = false
-		nodes["z"] = workerNodeName(1)
+		namespaces["y"] = TestNamespaceMeta{
+			Name: "y-" + suffix,
+		}
+		nodes["z"] = nodeName(1)
 		hostNetworks["z"] = false
+		namespaces["z"] = TestNamespaceMeta{
+			Name: "z-" + suffix,
+		}
 	}
 	allPods = []Pod{}
 
@@ -89,6 +109,7 @@ func TestAntreaNodeNetworkPolicy(t *testing.T) {
 	}
 	defer teardownTest(t, data)
 
+	// Test NodeNetworkPolicy between Nodes.
 	initializeAntreaNodeNetworkPolicy(t, data, true)
 
 	t.Run("Case=ACNPAllowNoDefaultIsolationTCP", func(t *testing.T) { testNodeACNPAllowNoDefaultIsolation(t, ProtocolTCP) })
@@ -115,6 +136,7 @@ func TestAntreaNodeNetworkPolicy(t *testing.T) {
 
 	k8sUtils.Cleanup(namespaces)
 
+	// Test NodeNetworkPolicy between Node and Pods.
 	initializeAntreaNodeNetworkPolicy(t, data, false)
 
 	t.Run("Case=ACNPNamespaceIsolation", func(t *testing.T) { testNodeACNPNamespaceIsolation(t) })