search

ovn-org / ovn-kubernetes

A robust Kubernetes networking platform
https://ovn-kubernetes.io/
Apache License 2.0
768 stars 334 forks source link

ANP: Allow ANPs at the same priority and add events #4413

Closed tssurya closed 3 weeks ago

tssurya commented 1 month ago

What this PR does and why is it needed

See https://github.com/kubernetes-sigs/network-policy-api/issues/216 for details

Special notes for reviewers

We want to change the stance in OVNK about how we treated ANPs at same priority. Moving forward we will allow multiple ANPs at same priority and emit events for users.

Before this PR we were saying that the second ANP at the same priority will not be allowed to be created, but now onwards that won't be the case. - we are allowed to have

How to verify it

Unit tests have been updated

coveralls commented 1 month ago

Coverage Status

coverage: 52.757%. remained the same when pulling 014b1c5d967ae93081ab89edd58f0f2373b92ed0 on tssurya:anp-allow-anp-at-same-priority into 16da3ced728dc9c4fbe6bdece7a6f37d4edf4d6e on ovn-org:master.

tssurya commented 4 weeks ago

@trozet / @dceara : I hit the flake here: https://github.com/ovn-org/ovn-kubernetes/actions/runs/9317986672/job/25650454117?pr=4413 for that ICMP test on v4 ; wondering if the flake is because of the known bug or something else :)

I'll open an u/s issue to track this if I see it happening again.

tssurya commented 3 weeks ago

@flavio-fernandes : PTAL

flavio-fernandes commented 3 weeks ago

Hit flake https://github.com/ovn-org/ovn-kubernetes/issues/4144

https://github.com/ovn-org/ovn-kubernetes/actions/runs/9414617767/job/25934979357?pr=4413

2024-06-07T10:01:27.4332454Z   Jun  7 10:01:27.432: INFO: Checking the ovnkube-node and ovnkube-master (ovnkube-cluster-manager if interconnect=true) healthcheck ports in use
2024-06-07T10:01:27.4335681Z   Jun  7 10:01:27.432: INFO: Running '/usr/local/bin/kubectl --server=https://127.0.0.1:38421 --kubeconfig=/home/runner/ovn.conf --namespace=ovn-kubernetes get daemonset/ovnkube-node -o=jsonpath='{.spec.template.spec.containers[?(@.name=="ovnkube-controller")].env[?(@.name=="OVN_EGRESSIP_HEALTHCHECK_PORT")].value}''
tssurya commented 3 weeks ago

the flake is unrelated:

Summarizing 1 Failure:
  [FAIL] e2e egress IP validation [OVN network] Using different methods to disable a node's availability for egress Should validate the egress IP functionality against remote hosts [It] disabling egress nodes impeding GRCP health check
  /home/runner/work/ovn-kubernetes/ovn-kubernetes/test/e2e/egressip.go:470

https://github.com/ovn-org/ovn-kubernetes/actions/runs/9414617767/job/25934979357?pr=4413 merging this PR