From a536ccfa1dbd1d1b6e46003af9367c369422fb37 Mon Sep 17 00:00:00 2001 From: Dan Winship Date: Tue, 6 Jun 2017 09:26:34 -0400 Subject: [PATCH] Test NetworkPolicy plugin (if the kernel supports it) --- test/extended/networking.sh | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/test/extended/networking.sh b/test/extended/networking.sh index 0fca53206689..764ca007dcba 100755 --- a/test/extended/networking.sh +++ b/test/extended/networking.sh @@ -16,7 +16,7 @@ export SHELLOPTS # # The EmptyDir test is a canary; it will fail if mount propagation is # not properly configured on the host. -NETWORKING_E2E_FOCUS="${NETWORKING_E2E_FOCUS:-etworking|EmptyDir volumes should support \(root,0644,tmpfs\)}" +NETWORKING_E2E_FOCUS="${NETWORKING_E2E_FOCUS:-etworking|Feature:OSNetworkPolicy|EmptyDir volumes should support \(root,0644,tmpfs\)}" NETWORKING_E2E_SKIP="${NETWORKING_E2E_SKIP:-}" DEFAULT_SKIP_LIST=( @@ -313,6 +313,25 @@ function disable-selinux() { fi } +function kernel-supports-networkpolicy() { + # There's really no good way to test this "correctly" if OVS isn't installed. + # The mainline kernel got support for OVS NAT support in 4.6. RHEL kernels have + # it in 3.10.0-514 and later. + version="$(uname -r)" + case "${version}" in + 3.10.0-*.el7.*) + build=$(sed -e 's/.*-\([0-9]*\)\..*/\1/' <<< "${version}") + if [[ "${build}" -lt 514 ]]; then + return 1 + fi + ;; + [0-3].*|4.[0-5].*) + return 1 + ;; + esac + return 0 +} + os::log::info "Starting 'networking' extended tests" if [[ -n "${CONFIG_ROOT}" ]]; then KUBECONFIG="$(get-kubeconfig-from-root "${CONFIG_ROOT}")" @@ -377,11 +396,16 @@ else # Docker-in-docker is not compatible with selinux disable-selinux - # Skip the subnet tests during a minimal test run + # Skip subnet and networkpolicy tests during a minimal test run if [[ -z "${NETWORKING_E2E_MINIMAL}" ]]; then # Ignore deployment errors for a given plugin to allow other plugins # to be tested. test-osdn-plugin "subnet" "redhat/openshift-ovs-subnet" "false" "false" || true + if kernel-supports-networkpolicy; then + test-osdn-plugin "networkpolicy" "redhat/openshift-ovs-networkpolicy" "false" "true" || true + else + os::log::warning "Skipping networkpolicy tests due to kernel version" + fi fi test-osdn-plugin "multitenant" "redhat/openshift-ovs-multitenant" "true" "false" || true