Bug 1986307 - Enable back Feature:UDPConnectivity and NetworkPolicy tests
Summary: Enable back Feature:UDPConnectivity and NetworkPolicy tests
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.9
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.9.0
Assignee: Martin Kennelly
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-07-27 08:59 UTC by Maciej Szulik
Modified: 2021-10-18 17:41 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-18 17:41:34 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift kubernetes pull 885 0 None None None 2021-08-30 14:52:18 UTC
Github openshift origin pull 26428 0 None None None 2021-08-29 01:46:44 UTC
Red Hat Product Errata RHSA-2021:3759 0 None None None 2021-10-18 17:41:36 UTC

Description Maciej Szulik 2021-07-27 08:59:19 UTC
To land k8s bump (https://github.com/openshift/kubernetes/pull/862) I've disabled:
- `[Feature:ServiceInternalTrafficPolicy]`,
- `[sig-network] Networking Granular Checks: Services should function for node-Service: http`
- `[sig-network] Netpol NetworkPolicy between server and client should enforce policy to allow traffic from pods within server namespace based on PodSelector`
- `[sig-network] Netpol NetworkPolicy between server and client should enforce policy based on PodSelector with MatchExpressions`
- `[sig-network] Netpol NetworkPolicy between server and client should enforce policy based on NamespaceSelector with MatchExpressions using default ns label`
- `[sig-network] Netpol NetworkPolicy between server and client should enforce policy based on PodSelector or NamespaceSelector`
- `[sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a ClusterIP service`

in openshift/kubernetes

Comment 1 Martin Kennelly 2021-07-30 14:10:15 UTC
Waiting for PR to merge before proceeding.

Comment 2 Martin Kennelly 2021-08-09 17:18:46 UTC
`[sig-network] Networking Granular Checks: Services should function for node-Service: http`
`[sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a ClusterIP service`

The suites/tests above are passing on PRs latest test runs - e.g. https://storage.googleapis.com/origin-ci-test/pr-logs/pull/openshift_kubernetes/862/pull-ci-openshift-kubernetes-master-e2e-gcp/1423849437725200384/build-log.txt

Netpol tests have been disabled and re-enabling won't be handled by this BZ.

Comment 3 Martin Kennelly 2021-08-09 18:03:05 UTC
I can see the tests:
 `[sig-network] Conntrack should be able to preserve UDP traffic when server pod cycles for a ClusterIP service`
`[sig-network] Networking Granular Checks: Services should function for node-Service: http`

..are passing in the latest CI runs for your PR. I am trying to understand why they are disabled when I see them passing on the PR CI.

Thanks,

Comment 4 Martin Kennelly 2021-08-16 10:39:46 UTC
For openshift-sdn, all tests are passing except 2 which I have left disabled until possible upstream fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1993845
Investigating ovn-k now.

Comment 5 Martin Kennelly 2021-08-16 11:40:39 UTC
For ovn-k, conformance is passing for the relevant test cases in the original PR, except for the 2 test cases outlined in: https://bugzilla.redhat.com/show_bug.cgi?id=1993845

Comment 6 Martin Kennelly 2021-08-17 09:01:52 UTC
2 PRs submitted to k8 upstream. Failing tests disable for now.

Comment 7 Martin Kennelly 2021-08-18 12:06:42 UTC
Added URL to remaining disabled netpol tests: https://bugzilla.redhat.com/show_bug.cgi?id=1980141

Looking for merge support now.

Comment 8 Martin Kennelly 2021-08-25 10:12:27 UTC
Could you have a look at the PR? Thank you.

Comment 9 Martin Kennelly 2021-08-27 09:52:56 UTC
Patch for openshift/kubernetes is merged. Produced PR in openshift/origin to consume the updates.
PR: https://github.com/openshift/origin/pull/26428

Comment 14 errata-xmlrpc 2021-10-18 17:41:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759


Note You need to log in before you can comment on or make changes to this bug.