Bug 1890436
| Summary: | [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy] | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Miheer Salunke <misalunk> |
| Component: | Networking | Assignee: | Mohamed Mahmoud <mmahmoud> |
| Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED NOTABUG | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | anbhat, bbennett, bparees |
| Version: | 4.5 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: |
[sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy]
|
|
| Last Closed: | 2021-05-12 19:40:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Comment 3
Victor Pickard
2020-11-04 15:54:49 UTC
I've added retry logic to the k8s E2E network policy tests to allow time for the policy flows to be installed. When running these tests in openshift on gcp platform, I can see an occasional retry on one of more of the tests. Out of 4-6 runs, I see 1 retry on 1-2 tests sometimes, and the test passes on the 1st retry. There is a KEP in review from Dan Winship that aims to add a status object to the Network Policy. This KEP will take some time to be reviewed, approved, and implemented. Once that is done, the k8s network policy tests can be enhanced to check the net policy status before validating the policy is working as intended. The retry in this PR will suffice as a work around until the KEP is implemented and E2E tests updated. Still a relatively common failure being seen in 4.7 (1% of all failed jobs) The upstream e2e tests for network policy have been rewritten, the PR linked is obsolete since it was not merged before the new tests went in to k8s. |