diff --git a/test/extended/networking/livemigration.go b/test/extended/networking/livemigration.go index 0796606433fd..fc548734a1be 100644 --- a/test/extended/networking/livemigration.go +++ b/test/extended/networking/livemigration.go @@ -31,8 +31,10 @@ import ( ) var _ = Describe("[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][Feature:Layer2LiveMigration] Kubevirt Virtual Machines", func() { - oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-e2e", admissionapi.LevelBaseline) + // disable automatic namespace creation, we need to add the required UDN label + oc := exutil.NewCLIWithoutNamespace("network-segmentation-e2e") f := oc.KubeFramework() + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline InOVNKubernetesContext(func() { var ( @@ -68,6 +70,15 @@ var _ = Describe("[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][F DescribeTable("[Suite:openshift/network/virtualization] should keep ip", func(netConfig networkAttachmentConfigParams, vmResource string, opCmd func(cli *kubevirt.Client, vmNamespace, vmName string)) { var err error + l := map[string]string{ + "e2e-framework": f.BaseName, + } + if netConfig.role == "primary" { + l[RequiredUDNNamespaceLabel] = "" + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns netConfig.namespace = f.Namespace.Name // correctCIDRFamily makes use of the ginkgo framework so it needs to be in the testcase netConfig.cidr = correctCIDRFamily(oc, cidrIPv4, cidrIPv6) @@ -240,8 +251,10 @@ var _ = Describe("[sig-network][OCPFeatureGate:PersistentIPsForVirtualization][F }) var _ = Describe("[sig-network][Feature:Layer2LiveMigration][OCPFeatureGate:NetworkSegmentation][Suite:openshift/network/virtualization] primary UDN smoke test", func() { - oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-e2e", admissionapi.LevelBaseline) + // disable automatic namespace creation, we need to add the required UDN label + oc := exutil.NewCLIWithoutNamespace("network-segmentation-e2e") f := oc.KubeFramework() + f.NamespacePodSecurityLevel = admissionapi.LevelBaseline const ( nadName = "blue" @@ -258,7 +271,11 @@ var _ = Describe("[sig-network][Feature:Layer2LiveMigration][OCPFeatureGate:Netw BeforeEach(func() { cs = f.ClientSet - var err error + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = ns nadClient, err = nadclient.NewForConfig(f.ClientConfig()) Expect(err).NotTo(HaveOccurred()) }) diff --git a/test/extended/networking/network_segmentation.go b/test/extended/networking/network_segmentation.go index 37f60e66d93b..3483bd305e9f 100644 --- a/test/extended/networking/network_segmentation.go +++ b/test/extended/networking/network_segmentation.go @@ -39,6 +39,7 @@ import ( ) const openDefaultPortsAnnotation = "k8s.ovn.org/open-default-ports" +const RequiredUDNNamespaceLabel = "k8s.ovn.org/primary-user-defined-network" // NOTE: We are observing pod creation requests taking more than two minutes t // reach the CNI for the CNI to do the necessary plumbing. This is causing tests @@ -63,8 +64,10 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User // TODO: so far, only the isolation tests actually require this PSA ... Feels wrong to run everything priviliged. // I've tried to have multiple kubeframeworks (from multiple OCs) running (with different project names) but // it didn't work. - oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-e2e", admissionapi.LevelPrivileged) + // disable automatic namespace creation, we need to add the required UDN label + oc := exutil.NewCLIWithoutNamespace("network-segmentation-e2e") f := oc.KubeFramework() + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged InOVNKubernetesContext(func() { const ( @@ -102,6 +105,15 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User serverPodConfig podConfiguration, ) { var err error + l := map[string]string{ + "e2e-framework": f.BaseName, + } + if netConfig.role == "primary" { + l[RequiredUDNNamespaceLabel] = "" + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns netConfig.namespace = f.Namespace.Name // correctCIDRFamily makes use of the ginkgo framework so it needs to be in the testcase @@ -143,7 +155,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User } By("asserting the *client* pod can contact the server pod exposed endpoint") - podShouldReach(oc, clientPodConfig.name, formatHostAndPort(net.ParseIP(serverIP), port)) + namespacePodShouldReach(oc, f.Namespace.Name, clientPodConfig.name, formatHostAndPort(net.ParseIP(serverIP), port)) } }, Entry( @@ -182,9 +194,18 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User netConfigParams *networkAttachmentConfigParams, udnPodConfig podConfiguration, ) { + l := map[string]string{ + "e2e-framework": f.BaseName, + } + if netConfigParams.role == "primary" { + l[RequiredUDNNamespaceLabel] = "" + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns By("Creating second namespace for default network pods") defaultNetNamespace := f.Namespace.Name + "-default" - _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ + _, err = cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: defaultNetNamespace, }, @@ -409,7 +430,13 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User userDefinedv6Subnet string, ) { - + l := map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns red := "red" blue := "blue" @@ -420,7 +447,8 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User By("Creating namespace " + namespace) _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ - Name: namespace, + Name: namespace, + Labels: l, }, }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -621,6 +649,12 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User ) BeforeEach(func() { + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + }) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = namespace + By("create tests UserDefinedNetwork") cleanup, err := createManifest(f.Namespace.Name, newUserDefinedNetworkManifest(testUdnName)) DeferCleanup(cleanup) @@ -718,6 +752,14 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User primaryUdnName = "primary-net" ) + l := map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns + By("create primary network NetworkAttachmentDefinition") primaryNetNad := generateNAD(newNetworkAttachmentConfig(networkAttachmentConfigParams{ role: "primary", @@ -726,7 +768,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User networkName: primaryNadName, cidr: correctCIDRFamily(oc, userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), })) - _, err := nadClient.NetworkAttachmentDefinitions(f.Namespace.Name).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) + _, err = nadClient.NetworkAttachmentDefinitions(f.Namespace.Name).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("create primary network UserDefinedNetwork") @@ -761,8 +803,15 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User const clusterUserDefinedNetworkResource = "clusteruserdefinednetwork" var testTenantNamespaces []string + var defaultNetNamespace *v1.Namespace BeforeEach(func() { + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = namespace + Expect(err).NotTo(HaveOccurred()) testTenantNamespaces = []string{ f.Namespace.Name + "blue", f.Namespace.Name + "red", @@ -770,13 +819,27 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User By("Creating test tenants namespaces") for _, nsName := range testTenantNamespaces { - _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}, metav1.CreateOptions{}) + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: nsName, + Labels: map[string]string{RequiredUDNNamespaceLabel: ""}, + }}, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) DeferCleanup(func() error { err := cs.CoreV1().Namespaces().Delete(context.Background(), nsName, metav1.DeleteOptions{}) return err }) } + // default cluster network namespace, for use when only testing secondary UDNs/NADs + defaultNetNamespace = &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: f.Namespace.Name + "-default", + }, + } + f.AddNamespacesToDelete(defaultNetNamespace) + _, err = cs.CoreV1().Namespaces().Create(context.Background(), defaultNetNamespace, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + testTenantNamespaces = append(testTenantNamespaces, defaultNetNamespace.Name) }) var testClusterUdnName string @@ -841,7 +904,11 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User 1*time.Minute, 3*time.Second).Should(Succeed()) By("create the new target namespace") - _, err = cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNewNs}}, metav1.CreateOptions{}) + _, err = cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: testNewNs, + Labels: map[string]string{RequiredUDNNamespaceLabel: ""}, + }}, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) DeferCleanup(func() error { err := cs.CoreV1().Namespaces().Delete(context.Background(), testNewNs, metav1.DeleteOptions{}) @@ -866,7 +933,11 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User testNewNs := f.Namespace.Name + "green" By("create new namespace") - _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: testNewNs}}, metav1.CreateOptions{}) + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: testNewNs, + Labels: map[string]string{RequiredUDNNamespaceLabel: ""}, + }}, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) DeferCleanup(func() error { err := cs.CoreV1().Namespaces().Delete(context.Background(), testNewNs, metav1.DeleteOptions{}) @@ -926,7 +997,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User ) BeforeEach(func() { - inUseNetTestTenantNamespace = testTenantNamespaces[0] + inUseNetTestTenantNamespace = defaultNetNamespace.Name By("create pod in one of the test tenant namespaces") networkAttachments := []nadapi.NetworkSelectionElement{ @@ -982,13 +1053,23 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User }) It("when primary network exist, ClusterUserDefinedNetwork status should report not-ready", func() { + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = namespace testTenantNamespaces := []string{ f.Namespace.Name + "blue", f.Namespace.Name + "red", } By("Creating test tenants namespaces") for _, nsName := range testTenantNamespaces { - _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: nsName}}, metav1.CreateOptions{}) + _, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: nsName, + Labels: map[string]string{RequiredUDNNamespaceLabel: ""}, + }}, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) DeferCleanup(func() error { err := cs.CoreV1().Namespaces().Delete(context.Background(), nsName, metav1.DeleteOptions{}) @@ -1006,7 +1087,7 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User networkName: primaryNadName, cidr: correctCIDRFamily(oc, userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), })) - _, err := nadClient.NetworkAttachmentDefinitions(primaryNetTenantNs).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) + _, err = nadClient.NetworkAttachmentDefinitions(primaryNetTenantNs).Create(context.Background(), primaryNetNad, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("create primary Cluster UDN CR") @@ -1051,6 +1132,13 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User var udnPod *v1.Pod BeforeEach(func() { + l := map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + } + ns, err := f.CreateNamespace(context.TODO(), f.BaseName, l) + Expect(err).NotTo(HaveOccurred()) + f.Namespace = ns By("create tests UserDefinedNetwork") cleanup, err := createManifest(f.Namespace.Name, newPrimaryUserDefinedNetworkManifest(oc, testUdnName)) DeferCleanup(cleanup) diff --git a/test/extended/networking/network_segmentation_endpointslice_mirror.go b/test/extended/networking/network_segmentation_endpointslice_mirror.go index 32dfd8b6bcf9..11652fa51980 100644 --- a/test/extended/networking/network_segmentation_endpointslice_mirror.go +++ b/test/extended/networking/network_segmentation_endpointslice_mirror.go @@ -27,9 +27,10 @@ import ( var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] EndpointSlices mirroring", func() { defer GinkgoRecover() - - oc := exutil.NewCLIWithPodSecurityLevel("endpointslices-mirror-e2e", admissionapi.LevelPrivileged) + // disable automatic namespace creation, we need to add the required UDN label + oc := exutil.NewCLIWithoutNamespace("endpointslices-mirror-e2e") f := oc.KubeFramework() + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged InOVNKubernetesContext(func() { const ( userDefinedNetworkIPv4Subnet = "203.203.0.0/16" @@ -44,8 +45,12 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User BeforeEach(func() { cs = f.ClientSet - - var err error + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = namespace + Expect(err).NotTo(HaveOccurred()) nadClient, err = nadclient.NewForConfig(f.ClientConfig()) Expect(err).NotTo(HaveOccurred()) }) @@ -180,16 +185,23 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User func( netConfig networkAttachmentConfigParams, ) { + netConfig.cidr = correctCIDRFamily(oc, userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet) + By("creating default net namespace") + defaultNSName := f.BaseName + "-default" + defaultNetNamespace, err := f.CreateNamespace(context.TODO(), defaultNSName, map[string]string{ + "e2e-framework": defaultNSName, + }) + Expect(err).NotTo(HaveOccurred()) By("creating the network") - netConfig.namespace = f.Namespace.Name + netConfig.namespace = defaultNetNamespace.Name Expect(createNetworkFn(netConfig)).To(Succeed()) By("deploying the backend pods") replicas := 3 for i := 0; i < replicas; i++ { - runUDNPod(cs, f.Namespace.Name, + runUDNPod(cs, defaultNetNamespace.Name, *podConfig(fmt.Sprintf("backend-%d", i), func(cfg *podConfiguration) { - cfg.namespace = f.Namespace.Name + cfg.namespace = defaultNetNamespace.Name // Add the net-attach annotation for secondary networks if netConfig.role == "secondary" { cfg.attachments = []nadapi.NetworkSelectionElement{{Name: netConfig.name}} @@ -208,12 +220,12 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User svc := e2eservice.CreateServiceSpec("test-service", "", false, map[string]string{"app": "test"}) familyPolicy := corev1.IPFamilyPolicyPreferDualStack svc.Spec.IPFamilyPolicy = &familyPolicy - _, err := cs.CoreV1().Services(f.Namespace.Name).Create(context.Background(), svc, metav1.CreateOptions{}) + _, err = cs.CoreV1().Services(defaultNetNamespace.Name).Create(context.Background(), svc, metav1.CreateOptions{}) framework.ExpectNoError(err, "Failed creating service %v", err) By("asserting the mirrored EndpointSlice does not exist") Eventually(func() error { - esList, err := cs.DiscoveryV1().EndpointSlices(f.Namespace.Name).List(context.TODO(), metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", "k8s.ovn.org/service-name", svc.Name)}) + esList, err := cs.DiscoveryV1().EndpointSlices(defaultNetNamespace.Name).List(context.TODO(), metav1.ListOptions{LabelSelector: fmt.Sprintf("%s=%s", "k8s.ovn.org/service-name", svc.Name)}) if err != nil { return err } @@ -229,7 +241,6 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User networkAttachmentConfigParams{ name: nadName, topology: "layer2", - cidr: fmt.Sprintf("%s,%s", userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), role: "secondary", }, ), @@ -238,7 +249,6 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User networkAttachmentConfigParams{ name: nadName, topology: "layer3", - cidr: fmt.Sprintf("%s,%s", userDefinedNetworkIPv4Subnet, userDefinedNetworkIPv6Subnet), role: "secondary", }, ), @@ -247,14 +257,14 @@ var _ = Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:User Entry("NetworkAttachmentDefinitions", func(c networkAttachmentConfigParams) error { netConfig := newNetworkAttachmentConfig(c) nad := generateNAD(netConfig) - _, err := nadClient.NetworkAttachmentDefinitions(f.Namespace.Name).Create(context.Background(), nad, metav1.CreateOptions{}) + _, err := nadClient.NetworkAttachmentDefinitions(c.namespace).Create(context.Background(), nad, metav1.CreateOptions{}) return err }), Entry("UserDefinedNetwork", func(c networkAttachmentConfigParams) error { udnManifest := generateUserDefinedNetworkManifest(&c) - cleanup, err := createManifest(f.Namespace.Name, udnManifest) + cleanup, err := createManifest(c.namespace, udnManifest) DeferCleanup(cleanup) - Eventually(userDefinedNetworkReadyFunc(oc.AdminDynamicClient(), f.Namespace.Name, c.name), 5*time.Second, time.Second).Should(Succeed()) + Eventually(userDefinedNetworkReadyFunc(oc.AdminDynamicClient(), c.namespace, c.name), 5*time.Second, time.Second).Should(Succeed()) return err }), ) diff --git a/test/extended/networking/network_segmentation_policy.go b/test/extended/networking/network_segmentation_policy.go index d88248b4313c..786881e9abce 100644 --- a/test/extended/networking/network_segmentation_policy.go +++ b/test/extended/networking/network_segmentation_policy.go @@ -23,8 +23,10 @@ import ( var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Feature:UserDefinedPrimaryNetworks] Network Policies", func() { defer ginkgo.GinkgoRecover() - oc := exutil.NewCLIWithPodSecurityLevel("network-segmentation-policy-e2e", admissionapi.LevelPrivileged) + // disable automatic namespace creation, we need to add the required UDN label + oc := exutil.NewCLIWithoutNamespace("network-segmentation-policy-e2e") f := oc.KubeFramework() + f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged InOVNKubernetesContext(func() { const ( nodeHostnameKey = "kubernetes.io/hostname" @@ -46,8 +48,12 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu ginkgo.BeforeEach(func() { cs = f.ClientSet - - var err error + namespace, err := f.CreateNamespace(context.TODO(), f.BaseName, map[string]string{ + "e2e-framework": f.BaseName, + RequiredUDNNamespaceLabel: "", + }) + f.Namespace = namespace + gomega.Expect(err).NotTo(gomega.HaveOccurred()) nadClient, err = nadclient.NewForConfig(f.ClientConfig()) gomega.Expect(err).NotTo(gomega.HaveOccurred()) @@ -57,7 +63,8 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu ginkgo.By("Creating namespace " + namespace) ns, err := cs.CoreV1().Namespaces().Create(context.Background(), &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ - Name: namespace, + Name: namespace, + Labels: map[string]string{RequiredUDNNamespaceLabel: ""}, }, }, metav1.CreateOptions{}) gomega.Expect(err).NotTo(gomega.HaveOccurred()) @@ -126,7 +133,7 @@ var _ = ginkgo.Describe("[sig-network][OCPFeatureGate:NetworkSegmentation][Featu } ginkgo.By("asserting the *client* pod can contact the server pod exposed endpoint") - podShouldReach(oc, clientPodConfig.name, formatHostAndPort(net.ParseIP(serverIP), port)) + namespacePodShouldReach(oc, f.Namespace.Name, clientPodConfig.name, formatHostAndPort(net.ParseIP(serverIP), port)) } ginkgo.By("creating a \"default deny\" network policy")