-
Notifications
You must be signed in to change notification settings - Fork 372
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Node access all local Pods to perform probes #104
Conversation
Kubernetes Nodes need to perform liveness and readiness probes which might be an HTTP and TCP request, it requires NetworkPolicy implementation always allow a Node access all its local Pods. This patch appends the Node gateway IP which will be used when a Node accesses Pods to the FromAddresses of the CompletedRule to achieve it.
Thanks for your PR. The following commands are available:
|
/test-e2e |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@@ -170,7 +170,7 @@ func TestRuleCacheAddAddressGroup(t *testing.T) { | |||
for _, tt := range tests { | |||
t.Run(tt.name, func(t *testing.T) { | |||
recorder := newDirtyRuleRecorder() | |||
c := newRuleCache(recorder.Record) | |||
c := newRuleCache(recorder.Record, []string{"192.168.1.1"}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe you can use a constant for the dummy address in this test as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did think about it, but it's in the same package as networkpolicy_controller_test.go, so need to think a new name as I want to avoid using constants from another test file, then I realized the cases in cache_test declares the IP and verifies it in a function scope, and I already declare many other strings there, maybe it's different from the other file declaring the string in one place and not directly in the test function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it was a pretty minor comment, let's merge this as it is
I ran into this issue while writing documentation for the OVS pipeline so I thought I would take care of it. Had to revert manually because of a conflict. This reverts commit fe07367.
…io#104) (cherry picked from commit 278c26c6d7dc85e4502c6bef5c8ef19f0f47bbb8)
Kubernetes Nodes need to perform liveness and readiness probes which
might be an HTTP and TCP request, it requires NetworkPolicy
implementation always allow a Node access all its local Pods.
This patch appends the Node gateway IP which will be used when a Node
accesses Pods to the FromAddresses of the CompletedRule to achieve it.
Related to #52