diff --git a/build/charts/antrea/crds/clusternetworkpolicy.yaml b/build/charts/antrea/crds/clusternetworkpolicy.yaml
index 4402a3a4548..2f9ac6017c7 100644
--- a/build/charts/antrea/crds/clusternetworkpolicy.yaml
+++ b/build/charts/antrea/crds/clusternetworkpolicy.yaml
@@ -640,6 +640,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
index e1a38d3b82b..270de23ec96 100644
--- a/build/yamls/antrea-aks.yml
+++ b/build/yamls/antrea-aks.yml
@@ -1018,6 +1018,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
diff --git a/build/yamls/antrea-crds.yml b/build/yamls/antrea-crds.yml
index 6cf3a870d2c..b2300c4d3c8 100644
--- a/build/yamls/antrea-crds.yml
+++ b/build/yamls/antrea-crds.yml
@@ -1011,6 +1011,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
index 74bb38889e5..2b77e2bee3f 100644
--- a/build/yamls/antrea-eks.yml
+++ b/build/yamls/antrea-eks.yml
@@ -1018,6 +1018,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
index 5cf5519776c..3504bd178a8 100644
--- a/build/yamls/antrea-gke.yml
+++ b/build/yamls/antrea-gke.yml
@@ -1018,6 +1018,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
index da2ced7f36f..6ed6ceb9b37 100644
--- a/build/yamls/antrea-ipsec.yml
+++ b/build/yamls/antrea-ipsec.yml
@@ -1018,6 +1018,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
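Review bot: The `enum` constraint lands only in the ClusterNetworkPolicy CRD (`build/charts/antrea/crds/clusternetworkpolicy.yaml`, plus a single hunk in each generated manifest), while the e2e test in this same commit sets `Scope: "ClusterSet"` on a namespaced Antrea NetworkPolicy. If the NetworkPolicy CRD's `toServices` schema also carries `scope`, it needs the same `enum: [ 'Cluster', 'ClusterSet' ]` so an unrecognised value is rejected at admission instead of being left to the controller to interpret; that file is not in the visible diff, so this is worth confirming. A `description:` under `scope` stating what an omitted value means would also help policy authors.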
diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
index cbc18c4695b..3ee14a61517 100644
--- a/build/yamls/antrea.yml
+++ b/build/yamls/antrea.yml
@@ -1018,6 +1018,7 @@ spec:
 type: string
 scope:
 type: string
+ enum: [ 'Cluster', 'ClusterSet' ]
 name:
 type: string
 enableLogging:
diff --git a/multicluster/test/e2e/service_test.go b/multicluster/test/e2e/service_test.go
index 1cb3572d448..34138f7d012 100644
--- a/multicluster/test/e2e/service_test.go
+++ b/multicluster/test/e2e/service_test.go
@@ -170,25 +170,48 @@ func (data *MCTestData) testANPToServices(t *testing.T) {
 eastGwClientName := getClusterGatewayClientPodName(eastCluster)
 eastRegularClientName := getClusterRegularClientPodName(eastCluster)
 
- // Verify that ACNP ToServices works fine with the new Multi-cluster Service.
- anpBuilder := &e2euttils.AntreaNetworkPolicySpecBuilder{}
- anpBuilder = anpBuilder.SetName(multiClusterTestNamespace, "block-west-exported-service").
+ // Verify that ANP ToServices works fine with the new Multi-cluster Service.
+ anpBuilder1 := &e2euttils.AntreaNetworkPolicySpecBuilder{}
+ anpBuilder1 = anpBuilder1.SetName(multiClusterTestNamespace, "block-west-exported-service").
 SetPriority(1.0).
 SetAppliedToGroup([]e2euttils.ANPAppliedToSpec{{PodSelector: map[string]string{"app": "client"}}}).
 AddToServicesRule([]crdv1alpha1.PeerService{{
 Name: mcWestClusterTestService,
 Namespace: multiClusterTestNamespace},
 }, "", nil, crdv1alpha1.RuleActionDrop)
- if _, err := data.createOrUpdateANP(eastCluster, anpBuilder.Get()); err != nil {
- t.Fatalf("Error creating ANP %s: %v", anpBuilder.Name, err)
+ if _, err := data.createOrUpdateANP(eastCluster, anpBuilder1.Get()); err != nil {
+ t.Fatalf("Error creating ANP %s: %v", anpBuilder1.Name, err)
 }
- defer data.deleteANP(eastCluster, multiClusterTestNamespace, anpBuilder.Name)
 
 connectivity := data.probeFromPodInCluster(eastCluster, multiClusterTestNamespace, eastGwClientName, "client", eastIP, mcWestClusterTestService, 80, corev1.ProtocolTCP)
 assert.Equal(t, antreae2e.Dropped, connectivity, "Failure -- wrong result from probing exported Service from gateway clientPod after applying toServices AntreaNetworkPolicy")
 
 connectivity = data.probeFromPodInCluster(eastCluster, multiClusterTestNamespace, eastRegularClientName, "client", eastIP, mcWestClusterTestService, 80, corev1.ProtocolTCP)
 assert.Equal(t, antreae2e.Dropped, connectivity, "Failure -- wrong result from probing exported Service from regular clientPod after applying toServices AntreaNetworkPolicy")
+
+ data.deleteANP(eastCluster, multiClusterTestNamespace, anpBuilder1.Name)
+
+ // Verify that ANP ToServices with scope works fine.
+ anpBuilder2 := &e2euttils.AntreaNetworkPolicySpecBuilder{}
+ anpBuilder2 = anpBuilder2.SetName(multiClusterTestNamespace, "block-west-service-cluster-scope").
+ SetPriority(1.0).
+ SetAppliedToGroup([]e2euttils.ANPAppliedToSpec{{PodSelector: map[string]string{"app": "client"}}}).
+ AddToServicesRule([]crdv1alpha1.PeerService{{
+ Name: westClusterTestService,
+ Namespace: multiClusterTestNamespace,
+ Scope: "ClusterSet",
+ }}, "", nil, crdv1alpha1.RuleActionDrop)
+ if _, err := data.createOrUpdateANP(eastCluster, anpBuilder2.Get()); err != nil {
+ t.Fatalf("Error creating ANP %s: %v", anpBuilder2.Name, err)
+ }
+ defer data.deleteANP(eastCluster, multiClusterTestNamespace, anpBuilder2.Name)
+
+ connectivity = data.probeFromPodInCluster(eastCluster, multiClusterTestNamespace, eastGwClientName, "client", eastIP, westClusterTestService, 80, corev1.ProtocolTCP)
+ assert.Equal(t, antreae2e.Dropped, connectivity, "Failure -- wrong result from probing exported Service from gateway clientPod after applying toServices AntreaNetworkPolicy")
+
+ connectivity = data.probeFromPodInCluster(eastCluster, multiClusterTestNamespace, eastRegularClientName, "client", eastIP, westClusterTestService, 80, corev1.ProtocolTCP)
+ assert.Equal(t, antreae2e.Dropped, connectivity, "Failure -- wrong result from probing exported Service from regular clientPod after applying toServices AntreaNetworkPolicy")
+
 }
 
 func (data *MCTestData) testStretchedNetworkPolicy(t *testing.T) {
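Review bot: The second case can pass without the `Scope: "ClusterSet"` rule ever taking effect, because both sets of probes go to the same `eastIP` and `block-west-exported-service` is removed only by a plain `data.deleteANP(...)` call whose outcome is not checked. If that deletion fails or has not been realised when the next probes run, they would still report `Dropped` through the first policy. Between the delete and `anpBuilder2`, probe again and require that connectivity is restored, e.g. `assert.Equal(t, antreae2e.Connected, connectivity, "exported Service should be reachable after removing block-west-exported-service")`. Giving the two new assertions messages that name `block-west-service-cluster-scope` would also make a failure attributable to the right policy. `testANPToServices` starts above this hunk, so how `eastIP` is set up is not visible here.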