diff --git a/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go b/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go index 1ea45a46ddb24..684a3df12fbd0 100644 --- a/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go +++ b/openshift-hack/e2e/annotate/generated/zz_generated.annotations.go @@ -1031,31 +1031,31 @@ var annotations = map[string]string{ "[Top Level] [sig-network] Network should set TCP CLOSE_WAIT timeout [Privileged]": "should set TCP CLOSE_WAIT timeout [Privileged] [Disabled:Broken] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from namespace on one named port [Feature:NetworkPolicy]": "should allow ingress access from namespace on one named port [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from namespace on one named port [Feature:NetworkPolicy]": "should allow ingress access from namespace on one named port [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated namespace [Feature:NetworkPolicy]": "should allow ingress access from updated namespace [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated pod [Feature:NetworkPolicy]": "should allow ingress access from updated pod [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access on one named port [Feature:NetworkPolicy]": "should allow ingress access on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access on one named port [Feature:NetworkPolicy]": "should allow ingress access on one named port [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy]": "should deny ingress access to updated pod [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]": "should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]": "should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy]": "should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]": "should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]": "should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", @@ -1075,19 +1075,19 @@ var annotations = map[string]string{ "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce updated policy [Feature:NetworkPolicy]": "should enforce updated policy [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]": "should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]": "should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP]": "should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should stop enforcing policies after they are deleted [Feature:NetworkPolicy]": "should stop enforcing policies after they are deleted [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-all' policy [Feature:NetworkPolicy]": "should support a 'default-deny-all' policy [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-all' policy [Feature:NetworkPolicy]": "should support a 'default-deny-all' policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support allow-all policy [Feature:NetworkPolicy]": "should support allow-all policy [Feature:NetworkPolicy] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should work with Ingress,Egress specified together [Feature:NetworkPolicy]": "should work with Ingress,Egress specified together [Feature:NetworkPolicy] [Disabled:Unimplemented] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should work with Ingress,Egress specified together [Feature:NetworkPolicy]": "should work with Ingress,Egress specified together [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] Networking Granular Checks: Pods should function for intra-pod communication: http [NodeConformance] [Conformance]": "should function for intra-pod communication: http [NodeConformance] [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", diff --git a/openshift-hack/e2e/annotate/rules.go b/openshift-hack/e2e/annotate/rules.go index c5487ad59a360..d50e7690a8531 100644 --- a/openshift-hack/e2e/annotate/rules.go +++ b/openshift-hack/e2e/annotate/rules.go @@ -30,15 +30,7 @@ var ( `Ubernetes`, // Can't set zone labels today `kube-ui`, // Not installed by default `Kubernetes Dashboard`, // Not installed by default (also probably slow image pull) - - `NetworkPolicy.*egress`, // not supported - `NetworkPolicy.*named port`, // not yet implemented - `enforce egress policy`, // not support - `should proxy to cadvisor`, // we don't expose cAdvisor port directly for security reasons - - `NetworkPolicy.*IPBlock`, // not supported - `NetworkPolicy.*Egress`, // not supported - `NetworkPolicy.*default-deny-all`, // not supported + `should proxy to cadvisor`, // we don't expose cAdvisor port directly for security reasons }, // tests that rely on special configuration that we do not yet support "[Disabled:SpecialConfig]": { @@ -72,7 +64,6 @@ var ( `should check kube-proxy urls`, // previously this test was skipped b/c we reported -1 as the number of nodes, now we report proper number and test fails `SSH`, // TRIAGE `should implement service.kubernetes.io/service-proxy-name`, // this is an optional test that requires SSH. sig-network - `should allow ingress access on one named port`, // https://bugzilla.redhat.com/show_bug.cgi?id=1711602 `recreate nodes and ensure they function upon restart`, // https://bugzilla.redhat.com/show_bug.cgi?id=1756428 `\[Driver: iscsi\]`, // https://bugzilla.redhat.com/show_bug.cgi?id=1711627 @@ -183,6 +174,16 @@ var ( `\[Feature:GKELocalSSD\]`, `\[Feature:GKENodePool\]`, }, + // Tests that don't pass under openshift-sdn. + // These are skipped explicitly by openshift-hack/test-kubernetes-e2e.sh, + // but will also be skipped by openshift-tests in jobs that use openshift-sdn. + "[Skipped:Network/OpenShiftSDN]": { + `NetworkPolicy.*IPBlock`, // feature is not supported by openshift-sdn + `NetworkPolicy.*[Ee]gress`, // feature is not supported by openshift-sdn + `NetworkPolicy.*named port`, // feature is not supported by openshift-sdn + + `NetworkPolicy between server and client should support a 'default-deny-all' policy`, // uses egress feature + }, } // labelExcludes temporarily block tests out of a specific suite diff --git a/openshift-hack/test-kubernetes-e2e.sh b/openshift-hack/test-kubernetes-e2e.sh index 7b2937db2c5a0..3eb8ddf69132c 100755 --- a/openshift-hack/test-kubernetes-e2e.sh +++ b/openshift-hack/test-kubernetes-e2e.sh @@ -24,7 +24,7 @@ esac # Support serial and parallel test suites TEST_SUITE="${TEST_SUITE:-parallel}" -COMMON_SKIPS="\[Slow\]|\[Disruptive\]|\[Flaky\]|\[Disabled:.+\]|\[Skipped:${PLATFORM}\]" +COMMON_SKIPS="\[Slow\]|\[Disruptive\]|\[Flaky\]|\[Disabled:.+\]|\[Skipped:${PLATFORM}\]|\[Skipped:Network/OpenShiftSDN\]" case "${TEST_SUITE}" in serial) DEFAULT_TEST_ARGS="-focus=\[Serial\] -skip=${COMMON_SKIPS}" diff --git a/test/e2e/network/network_policy.go b/test/e2e/network/network_policy.go index 29a9895ad53d3..cde79c4ffae21 100644 --- a/test/e2e/network/network_policy.go +++ b/test/e2e/network/network_policy.go @@ -690,7 +690,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { ginkgo.It("should allow egress access on one named port [Feature:NetworkPolicy]", func() { clientPodName := "client-a" - protocolUDP := v1.ProtocolUDP policy := &networkingv1.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "allow-client-a-via-named-port-egress-rule", @@ -708,11 +707,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { { Port: &intstr.IntOrString{Type: intstr.String, StrVal: "serve-80"}, }, - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, }, }}, }, @@ -956,7 +950,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { ginkgo.It("should work with Ingress,Egress specified together [Feature:NetworkPolicy]", func() { const allowedPort = 80 const notAllowedPort = 81 - protocolUDP := v1.ProtocolUDP nsBName := f.BaseName + "-b" nsB, err := f.CreateNamespace(nsBName, map[string]string{ @@ -992,15 +985,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { }}, }}, Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1071,7 +1055,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { framework.ExpectNoError(err, "Error occurred while waiting for pod status in namespace: Ready.") ginkgo.By("Creating a network policy for the server which allows traffic only to a server in different namespace.") - protocolUDP := v1.ProtocolUDP policyAllowToServerInNSB := &networkingv1.NetworkPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: nsA.Name, @@ -1087,15 +1070,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic only to server-a in namespace-b Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1207,8 +1181,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { framework.ExpectNoError(err, "Error occurred while waiting for pod type: Ready.") }) - protocolUDP := v1.ProtocolUDP - ginkgo.By("Creating client-a which should be able to contact the server before applying policy.", func() { testCanConnect(f, f.Namespace, "client-a", serviceB, 80) }) @@ -1229,15 +1201,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic only to "server-a" Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1366,8 +1329,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { var serviceB *v1.Service var podServerB *v1.Pod - protocolUDP := v1.ProtocolUDP - // Getting podServer's status to get podServer's IP, to create the CIDR podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{}) if err != nil { @@ -1407,15 +1368,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1442,8 +1394,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { }) ginkgo.It("should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]", func() { - protocolUDP := v1.ProtocolUDP - // Getting podServer's status to get podServer's IP, to create the CIDR with except clause podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{}) if err != nil { @@ -1474,15 +1424,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block except subnet which includes Server. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1507,8 +1448,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { }) ginkgo.It("should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]", func() { - protocolUDP := v1.ProtocolUDP - // Getting podServer's status to get podServer's IP, to create the CIDR with except clause podServerStatus, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Get(context.TODO(), podServer.Name, metav1.GetOptions{}) if err != nil { @@ -1536,15 +1475,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block except subnet which includes Server. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1582,15 +1512,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to only one CIDR block which includes Server. Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -1635,8 +1556,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { var podA, podB *v1.Pod var err error - protocolUDP := v1.ProtocolUDP - // Before applying policy, communication should be successful between pod-a and pod-b podA, serviceA = createServerPodAndService(f, f.Namespace, "pod-a", []int{80}) ginkgo.By("Waiting for pod-a to be ready", func() { @@ -1673,15 +1592,6 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { PolicyTypes: []networkingv1.PolicyType{networkingv1.PolicyTypeEgress}, // Allow traffic to server on pod-b Egress: []networkingv1.NetworkPolicyEgressRule{ - { - Ports: []networkingv1.NetworkPolicyPort{ - // Allow DNS look-ups - { - Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, - }, - }, - }, { To: []networkingv1.NetworkPolicyPeer{ { @@ -2009,8 +1919,8 @@ func createNetworkClientPodWithRestartPolicy(f *framework.Framework, namespace * Args: []string{ "/bin/sh", "-c", - fmt.Sprintf("for i in $(seq 1 5); do nc -vz -w 8 %s.%s %d && exit 0 || sleep 1; done; exit 1", - targetService.Name, targetService.Namespace, targetPort), + fmt.Sprintf("for i in $(seq 1 5); do nc -vz -w 8 %s %d && exit 0 || sleep 1; done; exit 1", + targetService.Spec.ClusterIP, targetPort), }, }, },