search

ovn-org / ovn-kubernetes

A robust Kubernetes networking platform
https://ovn-kubernetes.io/
Apache License 2.0
777 stars 334 forks source link

Flake: ANP: `AdminNetworkPolicyIngressSCTP` #4142

Open martinkennelly opened 5 months ago

martinkennelly commented 5 months ago

Test: 

2024-02-07T13:29:53.3214245Z         --- FAIL: TestNetworkPolicyV2Conformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'deny-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected (0.19s)

https://github.com/ovn-org/ovn-kubernetes/actions/runs/7814875289/job/21318044260?pr=4061

=== RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
2024-02-07T13:26:29.9926003Z === RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'allow-ingress'_policy_for_SCTP_protocol_at_the_specified_port
2024-02-07T13:26:33.1522114Z === RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'deny-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
2024-02-07T13:26:33.2574606Z     admin-network-policy-core-ingress-sctp-rules.go:118: FAILED Command was [/agnhost connect --timeout=3s --protocol=sctp [fd00:10:244:3::193]:9003]
2024-02-07T13:26:33.2578431Z     admin-network-policy-core-ingress-sctp-rules.go:118: Expected connection to fail from network-policy-conformance-gryffindor/harry-potter-0 to fd00:10:244:3::193, but instead it successfully connected.
2024-02-07T13:26:33.2581502Z     admin-network-policy-core-ingress-sctp-rules.go:120: 
2024-02-07T13:26:33.2583135Z            Error Trace:    /home/runner/go/pkg/mod/sigs.k8s.io/network-policy-api@v0.1.2/conformance/tests/admin-network-policy-core-ingress-sctp-rules.go:120
2024-02-07T13:26:33.2584530Z            Error:          Not equal: 
2024-02-07T13:26:33.2584993Z                            expected: true
2024-02-07T13:26:33.2585449Z                            actual  : false
2024-02-07T13:26:33.2586814Z            Test:           TestNetworkPolicyV2Conformance/AdminNetworkPolicyIngressSCTP/Should_support_an_'deny-ingress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
2024-02-07T13:26:33.3381644Z     admin-network-policy-core-ingress-sctp-rules.go:122: FAILED Command was [/agnhost connect --timeout=3s --protocol=sctp [fd00:10:244:3::193]:9005]
2024-02-07T13:26:33.3385048Z     admin-network-policy-core-ingress-sctp-rules.go:122: Expected connection to fail from network-policy-conformance-gryffindor/harry-potter-1 to fd00:10:244:3::193, but instead it successfully connected.
2024-02-07T13:26:33.3387400Z     admin-network-policy-core-ingress-sctp-rules.go:124: 
2024-02-07T13:26:33.3389838Z            Error Trace:    /home/runner/go/pkg/mod/sigs.k8s.io/network-policy-api@v0.1.2/conformance/tests/admin-network-policy-core-ingress-sctp-rules.go:124
2024-02-07T13:26:33.3391421Z            Error:          Not equal: 
2024-02-07T13:26:33.3392132Z                            expected: true
2024-02-07T13:26:33.3392765Z                            actual  : false
tssurya commented 5 months ago

I am looking into these, they are also happening in the IPV6 control plane. I am unable to tell if its the v6 infra or something else, but clearly it doesn't happen always.

tssurya commented 4 months ago

another one: https://github.com/ovn-org/ovn-kubernetes/actions/runs/8053130165/job/21995746175?pr=4106

=== RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP
    suite.go:187: Applying base/admin_network_policy/core-egress-sctp-rules.yaml
    apply.go:124: Creating egress-sctp AdminNetworkPolicy
=== RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
    admin-network-policy-core-egress-sctp-rules.go:62: FAILED Command was [/agnhost connect --timeout=3s --protocol=sctp [fd00:10:244:3::3]:9003]
    admin-network-policy-core-egress-sctp-rules.go:62: Expected connection to succeed from network-policy-conformance-ravenclaw/luna-lovegood-0 to fd00:10:244:3::3, but instead it miserably failed. stderr: TIMEOUT
    admin-network-policy-core-egress-sctp-rules.go:64: 
            Error Trace:    /home/runner/go/pkg/mod/sigs.k8s.io/network-policy-api@v0.1.2/conformance/tests/admin-network-policy-core-egress-sctp-rules.go:64
            Error:          Not equal: 
                            expected: true
                            actual  : false
            Test:           TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'allow-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected

and then everything fails after that..

tssurya commented 4 months ago

disabling these tests for v6 till we fix and re-enable them

tssurya commented 4 months ago 
=== RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
    admin-network-policy-core-egress-sctp-rules.go:119: FAILED Command was [/agnhost connect --timeout=3s --protocol=sctp 10.244.1.67:9003]
    admin-network-policy-core-egress-sctp-rules.go:119: Expected connection to fail from network-policy-conformance-ravenclaw/luna-lovegood-0 to 10.244.1.67, but instead it successfully connected.
    admin-network-policy-core-egress-sctp-rules.go:121: 
            Error Trace:    /home/runner/go/pkg/mod/sigs.k8s.io/network-policy-api@v0.1.2/conformance/tests/admin-network-policy-core-egress-sctp-rules.go:121
            Error:          Not equal: 
                            expected: true
                            actual  : false
            Test:           TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
    admin-network-policy-core-egress-sctp-rules.go:123: FAILED Command was [/agnhost connect --timeout=3s --protocol=sctp 10.244.1.67:9005]
    admin-network-policy-core-egress-sctp-rules.go:123: Expected connection to fail from network-policy-conformance-ravenclaw/luna-lovegood-1 to 10.244.1.67, but instead it successfully connected.
    admin-network-policy-core-egress-sctp-rules.go:125: 
            Error Trace:    /home/runner/go/pkg/mod/sigs.k8s.io/network-policy-api@v0.1.2/conformance/tests/admin-network-policy-core-egress-sctp-rules.go:125
            Error:          Not equal: 
                            expected: true
                            actual  : false
            Test:           TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected

https://github.com/ovn-org/ovn-kubernetes/actions/runs/8053130165/job/21995743977?pr=4106 another one<=

martinkennelly commented 4 months ago

https://github.com/ovn-org/ovn-kubernetes/actions/runs/8062140206/job/22022264158?pr=4187

 === RUN   TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
2024-02-27T10:39:57.8810377Z     admin-network-policy-core-egress-sctp-rules.go:119: FAILED Command was [/agnhost connect --timeout=3s --protocol=sctp 10.244.1.40:9003]
2024-02-27T10:39:57.8814964Z     admin-network-policy-core-egress-sctp-rules.go:119: Expected connection to fail from network-policy-conformance-ravenclaw/luna-lovegood-0 to 10.244.1.40, but instead it successfully connected.
2024-02-27T10:39:57.8817621Z     admin-network-policy-core-egress-sctp-rules.go:121: 
2024-02-27T10:39:57.8819568Z            Error Trace:    /home/runner/go/pkg/mod/sigs.k8s.io/network-policy-api@v0.1.2/conformance/tests/admin-network-policy-core-egress-sctp-rules.go:121
2024-02-27T10:39:57.8821211Z            Error:          Not equal: 
2024-02-27T10:39:57.8821934Z                            expected: true
2024-02-27T10:39:57.8822652Z                            actual  : false
2024-02-27T10:39:57.8824894Z            Test:           TestNetworkPolicyV2Conformance/AdminNetworkPolicyEgressSCTP/Should_support_an_'deny-egress'_policy_for_SCTP_protocol;_ensure_rule_ordering_is_respected
tssurya commented 3 months ago

https://github.com/ovn-org/ovn-kubernetes/pull/4241#issuecomment-2058360075

SCTP seems to be flaking more than other protocols UGH