Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACNP IngressPolicy not working for Flexible IPAM pods #6237

Open
KMAnju-2021 opened this issue Apr 18, 2024 · 2 comments
Open

ACNP IngressPolicy not working for Flexible IPAM pods #6237

KMAnju-2021 opened this issue Apr 18, 2024 · 2 comments
Assignees
@KMAnju-2021
Labels
area/network-policy Issues or PRs related to network policies. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test.

Comments

@KMAnju-2021
Copy link
Contributor

KMAnju-2021 commented Apr 18, 2024
edited

Describe the bug

acnp ingress policy not working only for one case in kind cluster:
when src Pod is IPAM-pod without vlan and destination pod is IPAM-pod with vlan (11,12).

To Reproduce

  1. create kind cluster
  2. apply antrea.yml with enableIPAM feature.
  3. apply ingress acnp

apiVersion: crd.antrea.io/v1beta1
kind: ClusterNetworkPolicy
metadata:
name: acnp-with-drop-a
spec:
priority: 1
appliedTo:
- podSelector:
matchLabels:
pod: a
ingress:
- action: Drop
from:
- podSelector: {}
enableLogging: true

  1. Run TestAntreaIPAMAntreaPolicy/TestGroupNoK8sNP/Case=ACNPIngressDrop test

Expected

destination pod should drop the packets

Actual behavior

kubectl exec -it antrea-ipam-testa-cf59ccc97-bq5w9 -n antrea-ipam-test -- sh
Defaulted container "c80" out of: c80, c81, c8080, c8081, c8082, c8083, c8084, c8085
/ # curl 192.168.242.100:81
curl: (1) Received HTTP/0.9 when not allowed

/ # /agnhost connect 192.168.242.100:81 --timeout=1s --protocol=tcp && echo "CONNECTED"
CONNECTED
/ # /agnhost connect 192.168.241.100:81 --timeout=1s --protocol=tcp && echo "CONNECTED"
CONNECTED
@KMAnju-2021 KMAnju-2021 added the kind/bug Categorizes issue or PR as related to a bug. label Apr 18, 2024
@rajnkamr rajnkamr added the area/network-policy Issues or PRs related to network policies. label Apr 18, 2024
@antoninbas
Copy link
Contributor

Thanks for reporting this. It's not always the same subtest failing as far as I can tell, but I keep experiencing this issue with the Jenkins job.

@antoninbas antoninbas added kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. and removed kind/bug Categorizes issue or PR as related to a bug. labels Apr 18, 2024
@rajnkamr
Copy link
Contributor

It seems to be consistently failing specially for destination pod as vlan IPAM pod with src pod selector configuration.

@rajnkamr rajnkamr changed the title ACNP IngressPolicy not working for IPAM pods in kind cluster ACNP IngressPolicy not working for IPAM pods Apr 22, 2024
@antoninbas antoninbas mentioned this issue Apr 22, 2024
Merged
@KMAnju-2021 KMAnju-2021 mentioned this issue Apr 24, 2024
Open
@rajnkamr rajnkamr changed the title ACNP IngressPolicy not working for IPAM pods ACNP IngressPolicy not working for Flexible IPAM pods May 3, 2024
@antoninbas antoninbas mentioned this issue May 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@KMAnju-2021 KMAnju-2021

Labels
area/network-policy Issues or PRs related to network policies. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@antoninbas @rajnkamr @KMAnju-2021