In order to move vif information from 'spec' to 'status', we need
to support both for the transition time.
Change-Id: I2cb66e25534e44b79f660b10498086aa88ad805c
It was skipped because of 1886909 which should be fixed
Depends-On: https://review.opendev.org/#/c/742384/
Change-Id: Ia28cf8b9c27560f4672a3bc46fd8a12eae790a51
This commit adapts network policy tests to new KuryrNetworkPolicy CRD
format. This includes splitting TestNetworkPolicy class into two
versions and a bit of refactoring to allow that.
Change-Id: Id303620090df194297e16384d3522c3e3bb2ca58
Currently, all the information was stored within the pod annotations,
and so the tests are utilizing annotations. With upcoming annotation to
CRD transition, in order to get the VIF information we need to also
check the CRD.
Change-Id: If639b63dcf660ed709623c8d5f788026619c895c
Right now we're attempt to get a KuryrNetworks CR after namespace
creation regardless if it's supported or not on the Cluster, which
causes the test test_ipblock_network_policy_allow_except to fail with
NotFound.
This commit fixes the issue by ensuring the correct CR is retrieved
when supported.
Change-Id: Ifce4316cf58ae010b267fd99b654cd816c0bff8a
It's possible that a Network Policy CRD creation times out,
and right now we're allowing the test to proceed without the CRD
in place. This commit enforces a time out exception is raised
when both creation/deletion of CRD times out.
Change-Id: I08260ddff218f176648725872f1d6c9b3542373c
Additionally, there was narrowed down amount of security group rules for
test_ipblock_network_policy_allow_except test, as it only requires pod
to pod connection, so that instead of creating rules for entire wide
range (like 0.0.0.0/0 or ::/0) but only for network, which the pods are
in.
Change-Id: I9e9b2af6404d6cfd3e43e149fd89b8825fa2cb35
Update docs building, cleanup after py27 removal a bit:
* Update requirements for Sphinx and openstackdocstheme for
python 3
* Remove unneeded sections from setup.cfg
* Remove install_command, it's unneeded, the default is fine.
* Move constraints into deps, use TOX_CONSTRAINTS instead of obsolete
UPPER_CONSTRAINTS
* Switch to hacking 3.0, fix problems found
Change-Id: I8b5634b02b399a0678c611b7be8593280b666953
Check connectivity to the service from a pods within the namespace in
test_namespace instead from outisde
Change-Id: I5af7fc1be342d7fafa217347b1d84c3679c118c1
From time to time we get some etcd issues on the gate and when that
happens Kubernetes API likes to greet us with a 500 error. This commit
makes sure that exec_command_in_pod retries requests like that so that in
such case we don't fail a test.
Change-Id: Ibaf2b70dfb8222dfafb9e0a451674473377074c0
Busy-waiting for POD creation for a number of seconds
(240 by default). If expired throws a TimeoutException.
Reuse static method wait_for_pod_status.
Change-Id: I1e212871e564ba3e10fa39c1bd7a2c5946954bb9
Create 4 pods
Check that the http connection works before applying NP rules
Apply NP by allowing all and blocking pod1 ingress and pod2 egress
Check that http connection from pod1 to pod4 is blocked
Check that http connection from pod4 to pod2 is blocked
Check that http connection from pod4 to pod3 is still working
Change-Id: Ida893c0ca6a340b342d903974ec64b8a8c98565b
Technically we haven't dropped compatibility with Python 2 yet, so this
commit fixes 2 places that were incompatible.
Change-Id: I5d5ad4ed119afe71e10495bc907d8f55c0f9d4c4
This commit fixes stuff related to the fact that most apps require IPv6
addresses to be in brackets. Also now tests that use floating ips are
skipped if IPv6 is configured. FIPs are not supported on IPv6 and we
need to figure out other way to test them.
Implements: blueprint kuryr-ipv6-support
Change-Id: Ic2be3cf93bd9d114af907d26198e8011281bfabf
Recently added decorator for unstable tests require an argument bug to
be a string. In this patch we fix that.
Change-Id: I20ba88f1adb3ec4eef985c5cfa28a7d3b2575b2d
Seems like that test is critically unstable, I'm marking it as such to
make sure tests will be more forgiving.
Change-Id: Ic4c262189c74a93383f5b5274b4ccc41bf542446
Related-Bug: 1860554
Adjusting also test_port_pool_min_max_update,
Due to prepopulation of ports when creating namespace.
Change-Id: Id1720eaf94b3a278aa126e2ed3cb9bcdda8e631f
As this test recreates the namespace and a pod on it,
it could take a bit longer for the older KuryrNet CRD
to be removed and recreated, plus the pool to be populated
causing the pod creation to timeout. This commit reduce the
flakiness by increasing the timeout.
Change-Id: I31a874c5f1d0d134e555a32b09a71e9466daea77
Check from a pod the connectivity to the internal IP of
LB services instead of from an external node
Change-Id: I6ce0b16985de6cc7182026975a63f03844d9d9ee
This is needed because it takes time to update Network resources
(for example LB or SG) after Network policy creation
Change-Id: I9b234386d861dfd35ed2062f7951dbe15538a034
We have issues with this test, most likely due to Neutron bug [1]. This
commit marks it as unstable, so it gets skipped on failure.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1688323
Change-Id: I8a1bfab6e4b6c0e08d8cd2b7e8c6a5efdd87bbd3
The error message retuned when a CRD is not validated has changed
on Kubernetes 1.16. We should also update the NP and Namespaces
tempests tests to match it, as the gate is using Kubernetes 1.16.
Change-Id: I4ed2bdbbc664579689763f2759741b0efced6db6
In Python 3 {}.keys() return a view, not a list, so we cannot index it.
This commit fixes test_update_network_policy to anticipate that.
Change-Id: Idb6adec1d4b4b4a0f3c65b03c157f5fbb1c278de
Creating network policy with ipblock_cidr for ingress and egress
and testing that appropriate Security group rules were created
Change-Id: Id97a4a9c0a3e45300a18251ab30ca7dd72a415e0
Check the number of ports after the third pod creation based on the values
of ports_pool_batch and ports_pool_min
Change-Id: Ic0d821979b4277b564705022c0858721ef52348f