Drop old sdn multitenant tests

test/extended/networking had a handful of tests whose primary purpose
was to validate the difference between Subnet and Multitenant mode in
openshift-sdn. These are no longer relevant. (There are upstream e2e
tests for basic networking functionality if you don't care about the
isolation distinction).

Author: danwinship

test/extended/networking/isolation.go

@@ -19,73 +19,7 @@ import (
 )
 
 var _ = Describe("[sig-network] services", func() {
-	Context("basic functionality", func() {
-		f1 := e2e.NewDefaultFramework("net-services1")
-		// TODO(sur): verify if privileged is really necessary in a follow-up
-		f1.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
-
-		It("should allow connections to another pod on the same node via a service IP", func() {
-			Expect(checkServiceConnectivity(f1, f1, SAME_NODE)).To(Succeed())
-		})
-
-		It("should allow connections to another pod on a different node via a service IP", func() {
-			Expect(checkServiceConnectivity(f1, f1, DIFFERENT_NODE)).To(Succeed())
-		})
-	})
-
-	InNonIsolatingContext(func() {
-		f1 := e2e.NewDefaultFramework("net-services1")
-		// TODO(sur): verify if privileged is really necessary in a follow-up
-		f1.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
-		f2 := e2e.NewDefaultFramework("net-services2")
-		// TODO(sur): verify if privileged is really necessary in a follow-up
-		f2.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
-
-		It("should allow connections to pods in different namespaces on the same node via service IPs", func() {
-			Expect(checkServiceConnectivity(f1, f2, SAME_NODE)).To(Succeed())
-		})
-
-		It("should allow connections to pods in different namespaces on different nodes via service IPs", func() {
-			Expect(checkServiceConnectivity(f1, f2, DIFFERENT_NODE)).To(Succeed())
-		})
-	})
-
 	oc := exutil.NewCLIWithPodSecurityLevel("ns-global", admissionapi.LevelBaseline)
-
-	InIsolatingContext(func() {
-		f1 := e2e.NewDefaultFramework("net-services1")
-		// TODO(sur): verify if privileged is really necessary in a follow-up
-		f1.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
-		f2 := e2e.NewDefaultFramework("net-services2")
-		// TODO(sur): verify if privileged is really necessary in a follow-up
-		f2.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
-
-		It("should prevent connections to pods in different namespaces on the same node via service IPs", func() {
-			Expect(checkServiceConnectivity(f1, f2, SAME_NODE)).NotTo(Succeed())
-		})
-
-		It("should prevent connections to pods in different namespaces on different nodes via service IPs", func() {
-			Expect(checkServiceConnectivity(f1, f2, DIFFERENT_NODE)).NotTo(Succeed())
-		})
-
-		It("should allow connections to services in the default namespace from a pod in another namespace on the same node", func() {
-			makeNamespaceGlobal(oc, f1.Namespace)
-			Expect(checkServiceConnectivity(f1, f2, SAME_NODE)).To(Succeed())
-		})
-		It("should allow connections to services in the default namespace from a pod in another namespace on a different node", func() {
-			makeNamespaceGlobal(oc, f1.Namespace)
-			Expect(checkServiceConnectivity(f1, f2, DIFFERENT_NODE)).To(Succeed())
-		})
-		It("should allow connections from pods in the default namespace to a service in another namespace on the same node", func() {
-			makeNamespaceGlobal(oc, f2.Namespace)
-			Expect(checkServiceConnectivity(f1, f2, SAME_NODE)).To(Succeed())
-		})
-		It("should allow connections from pods in the default namespace to a service in another namespace on a different node", func() {
-			makeNamespaceGlobal(oc, f2.Namespace)
-			Expect(checkServiceConnectivity(f1, f2, DIFFERENT_NODE)).To(Succeed())
-		})
-	})
-
 	var retryInterval = 1 * time.Minute
 
 	InIPv4ClusterContext(oc, func() {

test/extended/networking/services.go

@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"math/rand"
 	"net"
-	"os"
 	"os/exec"
 	"path/filepath"
 	"strconv"
@@ -21,7 +20,6 @@ import (
 	projectv1 "github.com/openshift/api/project/v1"
 	configv1client "github.com/openshift/client-go/config/clientset/versioned"
 	networkclient "github.com/openshift/client-go/network/clientset/versioned/typed/network/v1"
-	"github.com/openshift/library-go/pkg/network/networkutils"
 	exutil "github.com/openshift/origin/test/extended/util"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -33,7 +31,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"k8s.io/apiserver/pkg/storage/names"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/kubernetes"
 	k8sclient "k8s.io/client-go/kubernetes"
@@ -282,29 +279,6 @@ func networkPluginName() string {
 	return *cachedNetworkPluginName
 }
 
-func pluginIsolatesNamespaces() bool {
-	if os.Getenv("NETWORKING_E2E_ISOLATION") == "true" {
-		return true
-	}
-	// Assume that only the OpenShift SDN "multitenant" plugin isolates by default
-	return openshiftSDNMode() == networkutils.MultiTenantPluginName
-}
-
-func pluginImplementsNetworkPolicy() bool {
-	switch {
-	case os.Getenv("NETWORKING_E2E_NETWORKPOLICY") == "true":
-		return true
-	case networkPluginName() == OpenshiftSDNPluginName && openshiftSDNMode() == networkutils.NetworkPolicyPluginName:
-		return true
-	case networkPluginName() == OVNKubernetesPluginName:
-		return true
-	default:
-		// If we can't detect the plugin, we assume it doesn't support
-		// NetworkPolicy, so the tests will work under kubenet
-		return false
-	}
-}
-
 func makeNamespaceGlobal(oc *exutil.CLI, ns *corev1.Namespace) {
 	clientConfig := oc.AdminConfig()
 	networkClient := networkclient.NewForConfigOrDie(clientConfig)
@@ -432,92 +406,6 @@ func findAppropriateNodes(f *e2e.Framework, nodeType NodeType) (*corev1.Node, *c
 	return &candidates[0], &candidates[0], nil
 }
 
-func checkPodIsolation(f1, f2 *e2e.Framework, nodeType NodeType) error {
-	makeNamespaceScheduleToAllNodes(f1)
-	makeNamespaceScheduleToAllNodes(f2)
-	serverNode, clientNode, err := findAppropriateNodes(f1, nodeType)
-	if err != nil {
-		return err
-	}
-	podName := "isolation-webserver"
-	defer f1.ClientSet.CoreV1().Pods(f1.Namespace.Name).Delete(context.Background(), podName, metav1.DeleteOptions{})
-	ip := exutil.LaunchWebserverPod(f1.ClientSet, f1.Namespace.Name, podName, serverNode.Name)
-
-	return checkConnectivityToHost(f2, clientNode.Name, "isolation-wget", ip, 10*time.Second)
-}
-
-func checkServiceConnectivity(serverFramework, clientFramework *e2e.Framework, nodeType NodeType) error {
-	makeNamespaceScheduleToAllNodes(serverFramework)
-	makeNamespaceScheduleToAllNodes(clientFramework)
-	serverNode, clientNode, err := findAppropriateNodes(serverFramework, nodeType)
-	if err != nil {
-		return err
-	}
-	podName := names.SimpleNameGenerator.GenerateName("service-")
-	defer serverFramework.ClientSet.CoreV1().Pods(serverFramework.Namespace.Name).Delete(context.Background(), podName, metav1.DeleteOptions{})
-	defer serverFramework.ClientSet.CoreV1().Services(serverFramework.Namespace.Name).Delete(context.Background(), podName, metav1.DeleteOptions{})
-	ip := launchWebserverService(serverFramework.ClientSet, serverFramework.Namespace.Name, podName, serverNode.Name)
-
-	return checkConnectivityToHost(clientFramework, clientNode.Name, "service-wget", ip, 10*time.Second)
-}
-
-func InNonIsolatingContext(body func()) {
-	Context("when using a plugin in a mode that does not isolate namespaces by default", func() {
-		BeforeEach(func() {
-			if pluginIsolatesNamespaces() {
-				e2eskipper.Skipf("This plugin isolates namespaces by default.")
-			}
-		})
-
-		body()
-	})
-}
-
-func InIsolatingContext(body func()) {
-	Context("when using a plugin in a mode that isolates namespaces by default", func() {
-		BeforeEach(func() {
-			if !pluginIsolatesNamespaces() {
-				e2eskipper.Skipf("This plugin does not isolate namespaces by default.")
-			}
-		})
-
-		body()
-	})
-}
-
-func InNetworkPolicyContext(body func()) {
-	Context("when using a plugin that implements NetworkPolicy", func() {
-		BeforeEach(func() {
-			if !pluginImplementsNetworkPolicy() {
-				e2eskipper.Skipf("This plugin does not implement NetworkPolicy.")
-			}
-		})
-
-		body()
-	})
-}
-
-func InopenshiftSDNModeContext(plugins []string, body func()) {
-	Context(fmt.Sprintf("when using one of the OpenshiftSDN modes '%s'", strings.Join(plugins, ", ")),
-		func() {
-			BeforeEach(func() {
-				found := false
-				for _, plugin := range plugins {
-					if openshiftSDNMode() == plugin {
-						found = true
-						break
-					}
-				}
-				if !found {
-					e2eskipper.Skipf("Not using one of the specified OpenshiftSDN modes")
-				}
-			})
-
-			body()
-		},
-	)
-}
-
 func InOpenShiftSDNContext(body func()) {
 	Context("when using openshift-sdn",
 		func() {