diff --git a/dist/images/Dockerfile.fedora b/dist/images/Dockerfile.fedora index c962767c1a0..0299a89dd8d 100644 --- a/dist/images/Dockerfile.fedora +++ b/dist/images/Dockerfile.fedora @@ -15,7 +15,7 @@ USER root ENV PYTHONDONTWRITEBYTECODE yes -ARG ovnver=ovn-21.03.0-32.fc33 +ARG ovnver=ovn-21.06.0-12.fc33 # install needed rpms - openvswitch must be 2.10.4 or higher RUN INSTALL_PKGS=" \ diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index 5edbec899c7..1a74b76510b 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go 
@@ -1671,162 +1671,6 @@ spec: }) }) -// Validate pods can reach a network running in a container's looback address via -// an external gateway running on eth0 of the container without any tunnel encap. -// The traffic will get proxied through an annotated pod in the default namespace. -var _ = ginkgo.Describe("e2e non-vxlan external gateway through a gateway pod", func() { - const ( - svcname string = "externalgw-pod-novxlan" - dummyMac string = "01:23:45:67:89:10" - exGWRemoteIp string = "10.249.3.1" - gwContainerName string = "ex-gw-container" - defaultNamespace string = "default" - routingNetwork string = "foo" - srcPingPodName string = "e2e-exgw-src-ping-pod" - gatewayPodName string = "e2e-gateway-pod" - ) - - f := framework.NewDefaultFramework(svcname) - - type nodeInfo struct { - name string - nodeIP string - } - - var ( - worker1NodeInfo nodeInfo - worker2NodeInfo nodeInfo - ) - - ginkgo.BeforeEach(func() { - - // retrieve worker node names - nodes, err := e2enode.GetBoundedReadySchedulableNodes(f.ClientSet, 3) - framework.ExpectNoError(err) - if len(nodes.Items) < 3 { - framework.Failf( - "Test requires >= 3 Ready nodes, but there are only %v nodes", - len(nodes.Items)) - } - ips := e2enode.CollectAddresses(nodes, v1.NodeInternalIP) - worker1NodeInfo = nodeInfo{ - name: nodes.Items[1].Name, - nodeIP: ips[1], - } - worker2NodeInfo = nodeInfo{ - name: nodes.Items[2].Name, - nodeIP: ips[2], - } - }) - - ginkgo.AfterEach(func() { - // tear down the containers simulating the gateways - if cid, _ := runCommand("docker", "ps", "-qaf", fmt.Sprintf("name=%s", gwContainerName)); cid != "" { - if _, err := runCommand("docker", "rm", "-f", gwContainerName); err != nil { - framework.Logf("failed to delete the gateway test container %s %v", gwContainerName, err) - } - } - }) - - ginkgo.It("Should validate connectivity to an external gateway's loopback address via a pod with external gateway annotations enabled", func() { - - var ( - pingSrc string - exGWRemoteCidr = 
fmt.Sprintf("%s/32", exGWRemoteIp) - command = []string{"bash", "-c", "sleep 20000"} - testContainer = fmt.Sprintf("%s-container", srcPingPodName) - testContainerFlag = fmt.Sprintf("--container=%s", testContainer) - ) - - // start the container that will act as an external gateway - _, err := runCommand("docker", "run", "-itd", "--privileged", "--network", externalContainerNetwork, "--name", gwContainerName, "centos") - if err != nil { - framework.Failf("failed to start external gateway test container %s: %v", gwContainerName, err) - } - exGWIp, _ := getContainerAddressesForNetwork(gwContainerName, externalContainerNetwork) - if err != nil { - framework.Failf("failed to start external gateway test container: %v", err) - } - - // create the pod that acts as a proxy for egress traffic to the external gateway - createGenericPod(f, gatewayPodName, worker1NodeInfo.name, defaultNamespace, command) - // wait for pod setup to return a valid address - // note: this is polling the default namespace, not the framework naespace - err = wait.PollImmediate(retryInterval, retryTimeout, func() (bool, error) { - kubectlOut := getPodAddress(gatewayPodName, defaultNamespace) - validIP := net.ParseIP(kubectlOut) - if validIP == nil { - return false, nil - } - return true, nil - }) - // Fail the test if no address is ever retrieved - if err != nil { - framework.Failf("Error trying to get the pod IP address") - } - - // add the annotations to the pod to enable the gateway forwarding. 
- // this fakes out the multus annotation so that the pod IP is - // actually an IP of an external container for testing purposes - annotateArgs := []string{ - "annotate", - "pods", - gatewayPodName, - fmt.Sprintf("k8s.v1.cni.cncf.io/network-status=[{\"name\":\"%s\",\"interface\":"+ - "\"net1\",\"ips\":[\"%s\"],\"mac\":\"%s\"}]", routingNetwork, exGWIp, dummyMac), - fmt.Sprintf("k8s.ovn.org/routing-namespaces=%s", f.Namespace.Name), - fmt.Sprintf("k8s.ovn.org/routing-network=%s", routingNetwork), - } - framework.Logf("Annotating the external gateway pod with annotation %s", annotateArgs) - framework.RunKubectlOrDie(defaultNamespace, annotateArgs...) - - // create the pod that will source the connectivity test to the external gateway - createGenericPod(f, srcPingPodName, worker2NodeInfo.name, f.Namespace.Name, command) - // wait for the pod setup to return a valid address - err = wait.PollImmediate(retryInterval, retryTimeout, func() (bool, error) { - pingSrc = getPodAddress(srcPingPodName, f.Namespace.Name) - validIP := net.ParseIP(pingSrc) - if validIP == nil { - return false, nil - } - return true, nil - }) - // Fail the test if no address is ever retrieved - if err != nil { - framework.Failf("Error trying to get the pod IP address") - } - - // add loopback interface used to validate all traffic is getting drained through the gateway - _, err = runCommand("docker", "exec", gwContainerName, "ip", "address", "add", exGWRemoteCidr, "dev", "lo") - if err != nil { - framework.Failf("failed to add the loopback ip to dev lo on the test container: %v", err) - } - // add a host route on the mock gateway for return traffic to the proxy pod - nodeIP, _ := getContainerAddressesForNetwork(worker1NodeInfo.name, externalContainerNetwork) - - _, err = runCommand("docker", "exec", gwContainerName, "ip", "route", "add", pingSrc, "via", nodeIP) - if err != nil { - framework.Failf("failed to add the pod host route on the test container: %v", err) - } - - ginkgo.By("Verifying 
connectivity to the pod from external gateways") - _, err = runCommand("docker", "exec", gwContainerName, "ping", "-c", "5", pingSrc) - framework.ExpectNoError(err, "Failed to ping ", pingSrc, gwContainerName) - - // Verify the external gateway loopback address running on the external container is reachable and - // that traffic from the source ping pod is proxied through the pod in the default namespace - ginkgo.By(fmt.Sprintf("Verifying connectivity via the gateway namespace to the gateway %s and remote address %s", exGWIp, exGWRemoteIp)) - _, err = framework.RunKubectl(f.Namespace.Name, "exec", srcPingPodName, testContainerFlag, "--", "ping", "-w", "40", exGWRemoteIp) - if err != nil { - framework.Failf("Failed to ping the remote gateway network %s from pod %s: %v", exGWRemoteIp, srcPingPodName, err) - } - err = f.ClientSet.CoreV1().Pods(defaultNamespace).Delete(context.Background(), gatewayPodName, metav1.DeleteOptions{}) - if err != nil { - framework.Logf("Failed to get delete the pod %s in the namespace %s: %v", gatewayPodName, defaultNamespace, err) - } - }) -}) - var _ = ginkgo.Describe("e2e ingress traffic validation", func() { const ( endpointHTTPPort = 80 diff --git a/test/scripts/e2e-cp.sh b/test/scripts/e2e-cp.sh index 599f065c540..d062845d5d6 100755 --- a/test/scripts/e2e-cp.sh +++ b/test/scripts/e2e-cp.sh 
@@ -12,15 +12,9 @@ should provide connection to external host by DNS name from a pod|\
 should provide Internet connection continuously when master is killed|\
 should provide Internet connection continuously when ovn-k8s pod is killed|\
 Should validate connectivity from a pod to a non-node host address on same node|\
-Should validate connectivity to an external gateway\'s loopback address via a pod with external gateway annotations enabled|\
-Should validate connectivity to multiple external gateways for an ECMP scenario|\
 Should validate connectivity without vxlan before and after updating the namespace annotation to a new external gateway|\
-Should validate ICMP connectivity to an external gateway\'s loopback address via a pod with external gateway annotations enabled|\
-Should validate ICMP connectivity to multiple external gateways for an ECMP scenario|\
 Should validate ingress connectivity from an external gateway|\
 Should validate NetFlow data of br-int is sent to an external gateway|\
-Should validate TCP/UDP connectivity to an external gateway\'s loopback address via a pod with external gateway annotations enabled|\
-Should validate TCP/UDP connectivity to multiple external gateways for a UDP / TCP scenario|\
 Should validate the egress firewall policy functionality against remote hosts|\
 Should validate the egress IP functionality against remote hosts|\
 recovering from deleting db files while maintain connectivity|\