[CI] Fix NetworkPolicy tests on Clouds #4064

tnqn · 2022-07-29T13:34:29Z

GKE's cluster version now defaults to v1.24.1, which no longer creates
secret for service account automatically, the verification in old test
cases would fail. This patch makes the test determine conformance
container image version based on the cluster's version to avoid such
issue.

However, the test suite Netpol introduced in new conformance image uses
a Namespace creation function which is not robust, leanding to random
test failures in GKE test. This patch skips it temporarily.

Besides, legacy NetworkPolicy tests for AKS and EKS have been skipped
by mistake for a while because of a conflicting skip regex. This patch
fixes it.

For #3762

Signed-off-by: Quan Tian qtian@vmware.com

codecov · 2022-07-29T13:57:13Z

Codecov Report

Merging #4064 (2094f60) into main (7ec0860) will increase coverage by 3.29%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main    #4064      +/-   ##
==========================================
+ Coverage   64.24%   67.54%   +3.29%     
==========================================
  Files         294      297       +3     
  Lines       44809    45034     +225     
==========================================
+ Hits        28787    30416    +1629     
+ Misses      13671    12240    -1431     
- Partials     2351     2378      +27

Flag	Coverage Δ
integration-tests	`35.20% <ø> (?)`
kind-e2e-tests	`51.05% <ø> (+0.51%)`	⬆️
unit-tests	`44.36% <ø> (+0.01%)`	⬆️

Impacted Files	Coverage Δ
pkg/agent/proxy/topology.go	`72.72% <0.00%> (-9.10%)`	⬇️
pkg/agent/interfacestore/types.go	`61.11% <0.00%> (-8.34%)`	⬇️
pkg/controller/networkpolicy/tier.go	`50.00% <0.00%> (-5.00%)`	⬇️
pkg/agent/openflow/multicluster.go	`44.85% <0.00%> (-1.87%)`	⬇️
pkg/util/ip/ip.go	`83.73% <0.00%> (-1.63%)`	⬇️
pkg/agent/cniserver/ipam/antrea_ipam_controller.go	`79.45% <0.00%> (-1.37%)`	⬇️
pkg/controller/ipam/antrea_ipam_controller.go	`75.25% <0.00%> (-1.01%)`	⬇️
...ntroller/networkpolicy/networkpolicy_controller.go	`73.29% <0.00%> (-0.61%)`	⬇️
pkg/agent/controller/trafficcontrol/controller.go	`81.08% <0.00%> (-0.43%)`	⬇️
multicluster/cmd/multicluster-controller/leader.go	`0.00% <0.00%> (ø)`
... and 52 more

tnqn · 2022-07-29T16:21:17Z

ci/test-conformance-aks.sh

@@ -247,7 +247,7 @@ function run_conformance() {
    echo "=== Running Antrea Conformance and Network Policy Tests ==="
    # Skip NodePort related cases for AKS since as Nodes in AKS cluster seem not accessible from other Nodes
    # through public IPs by default. See https://github.com/antrea-io/antrea/issues/2409
-    skip_regex="\[Slow\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:.+\]|\[sig-cli\]|\[sig-storage\]|\[sig-auth\]|\[sig-api-machinery\]|\[sig-apps\]|\[sig-node\]|NodePort"
+    skip_regex="\[Slow\]|\[Serial\]|\[Disruptive\]|\[Flaky\]|\[Feature:(?!NetworkPolicy\])|\[sig-cli\]|\[sig-storage\]|\[sig-auth\]|\[sig-api-machinery\]|\[sig-apps\]|\[sig-node\]|\[sig-instrumentation\]|NodePort"


Unfortunately this doesn't work:

ERRO[0000] invalid argument "\\[Feature:(?!NetworkPolicy\\])" for "--e2e-skip" flag: flag value "\\[Feature:(?!NetworkPolicy\\])" fails regexp validation: error parsing regexp: invalid or unsupported Perl syntax: `(?!`

antoninbas

LGTM
Are we running legacy NetworkPolicy tests for all 3 clouds?

GKE's cluster version now defaults to v1.24.1, which no longer creates secret for service account automatically, the verification in old test cases would fail. This patch makes the test determine conformance container image version based on the cluster's version to avoid such issue. However, the test suite Netpol introduced in new conformance image uses a Namespace creation function which is not robust, leanding to random test failures in GKE test. This patch skips it temporarily. Besides, legacy NetworkPolicy tests for AKS and EKS have been skipped by mistake for a while because of a conflicting skip regex. This patch fixes it. For antrea-io#3762 Signed-off-by: Quan Tian <qtian@vmware.com>

tnqn · 2022-08-09T05:16:21Z

LGTM Are we running legacy NetworkPolicy tests for all 3 clouds?

Yes, the latest patch updated to run legacy NetworkPolicy tests only for all 3 clouds because AKS also seems unable to run it due to some issues: https://jenkins.antrea-ci.rocks/view/cloud/job/cloud-antrea-aks-conformance-net-policy/287/. I think it's perhaps better to wait for NetPol being more reliable before running it on any cloud.

netpol-1199-x/a Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.
netpol-1199-x/b Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.
netpol-1199-x/c Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.
netpol-1199-y/a Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.
netpol-1199-y/b Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.
netpol-1199-y/c Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.
netpol-1199-z/a Ready:False: Unschedulable: 0/2 nodes are available: 2 Too many pods.

tnqn · 2022-08-09T17:36:13Z

/skip-all

tnqn added the area/test Issues or PRs related to unit and integration tests. label Jul 29, 2022

tnqn force-pushed the fix-gke-test branch from eb5e2e4 to 8285d4e Compare July 29, 2022 14:57

tnqn commented Jul 29, 2022

View reviewed changes

tnqn marked this pull request as draft July 29, 2022 16:21

tnqn force-pushed the fix-gke-test branch from 8285d4e to 7155c74 Compare August 8, 2022 15:31

tnqn marked this pull request as ready for review August 8, 2022 16:52

tnqn requested a review from antoninbas August 8, 2022 16:52

antoninbas previously approved these changes Aug 8, 2022

View reviewed changes

tnqn dismissed antoninbas’s stale review via 2094f60 August 9, 2022 05:06

tnqn force-pushed the fix-gke-test branch from 7155c74 to 2094f60 Compare August 9, 2022 05:06

tnqn changed the title ~~Determine conformance container image version at runtime for GKE~~ [CI] Fix NetworkPolicy tests on Clouds Aug 9, 2022

antoninbas approved these changes Aug 9, 2022

View reviewed changes

tnqn merged commit 024254d into antrea-io:main Aug 9, 2022

tnqn deleted the fix-gke-test branch August 9, 2022 17:36

tnqn mentioned this pull request Dec 19, 2022

Automated cherry pick of #4064: Fix NetworkPolicy tests on Clouds #4498

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[CI] Fix NetworkPolicy tests on Clouds #4064

[CI] Fix NetworkPolicy tests on Clouds #4064

tnqn commented Jul 29, 2022 •

edited

Loading

codecov bot commented Jul 29, 2022 •

edited

Loading

tnqn Jul 29, 2022

antoninbas left a comment

tnqn commented Aug 9, 2022 •

edited

Loading

tnqn commented Aug 9, 2022

[CI] Fix NetworkPolicy tests on Clouds #4064

[CI] Fix NetworkPolicy tests on Clouds #4064

Conversation

tnqn commented Jul 29, 2022 • edited Loading

codecov bot commented Jul 29, 2022 • edited Loading

Codecov Report

tnqn Jul 29, 2022

Choose a reason for hiding this comment

antoninbas left a comment

Choose a reason for hiding this comment

tnqn commented Aug 9, 2022 • edited Loading

tnqn commented Aug 9, 2022

tnqn commented Jul 29, 2022 •

edited

Loading

codecov bot commented Jul 29, 2022 •

edited

Loading

tnqn commented Aug 9, 2022 •

edited

Loading