Skip to content

Commit

Permalink
Fix e2e test RejectServiceTraffic (#3892)
Browse files Browse the repository at this point in the history 
createAgnhostServiceAndBackendPods should create the service with the
selector that can only selects the Pod created together with it.
Previous selector selected all Pods using agnhost image, causing
traffic destined for service to be forwarded to unexpected Pod.

This patch also changed to use same Pod selector for Service and
ClusterNetworkPolicy to avoid redundancy and inconsistency.

Signed-off-by: Quan Tian <qtian@vmware.com>
  • Loading branch information
@tnqn
tnqn authored Apr 13, 2023
1 parent f1545c1 commit 611f8d6
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions test/e2e/antreapolicy_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2247,9 +2247,9 @@ func testRejectServiceTraffic(t *testing.T, data *TestData, clientNamespace, ser
builder1 = builder1.SetName("acnp-reject-egress-svc-traffic").
SetPriority(1.0).
SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": "agnhost-client"}}})
builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "s1"}, nil,
builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, svc1.Spec.Selector, nil,
nil, nil, false, nil, crdv1alpha1.RuleActionReject, "", "", nil)
builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "s2"}, nil,
builder1.AddEgress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, svc2.Spec.Selector, nil,
nil, nil, false, nil, crdv1alpha1.RuleActionReject, "", "", nil)

acnpEgress := builder1.Get()
Expand All @@ -2273,7 +2273,7 @@ func testRejectServiceTraffic(t *testing.T, data *TestData, clientNamespace, ser
builder2 := &ClusterNetworkPolicySpecBuilder{}
builder2 = builder2.SetName("acnp-reject-ingress-svc-traffic").
SetPriority(1.0).
SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: map[string]string{"antrea-e2e": "s1"}}, {PodSelector: map[string]string{"antrea-e2e": "s2"}}})
SetAppliedToGroup([]ACNPAppliedToSpec{{PodSelector: svc1.Spec.Selector}, {PodSelector: svc2.Spec.Selector}})
builder2.AddIngress(ProtocolTCP, &p80, nil, nil, nil, nil, nil, nil, nil, map[string]string{"antrea-e2e": "agnhost-client"}, nil,
nil, nil, false, nil, crdv1alpha1.RuleActionReject, "", "", nil)

Expand Down

0 comments on commit 611f8d6

Please sign in to comment.