Merge pull request #5348 from jcaamano/vrf-lite-e2e

Add VRF-Lite e2e test cases

Author: trozet

dist/templates/ovn-setup.yaml.j2

@@ -89,7 +89,9 @@ spec:
   networkSelectors:
     - networkSelectionType: DefaultNetwork
   nodeSelector: {}
-  frrConfigurationSelector: {}
+  frrConfigurationSelector:
+    matchLabels:
+      name: receive-all
   advertisements:
     - "PodNetwork"
 {%- endif %}

go-controller/pkg/clustermanager/routeadvertisements/controller.go

@@ -951,10 +951,18 @@ func (c *Controller) updateRAStatus(ra *ratypes.RouteAdvertisements, hadUpdates
 		return nil
 	}
 
+	var updateStatus bool
 	condition := meta.FindStatusCondition(ra.Status.Conditions, "Accepted")
-	updateStatus := hadUpdates || condition == nil || condition.ObservedGeneration != ra.Generation
-	updateStatus = updateStatus || err != nil
-
+	switch {
+	case condition == nil:
+		fallthrough
+	case condition.ObservedGeneration != ra.Generation:
+		fallthrough
+	case (err == nil) != (condition.Status == metav1.ConditionTrue):
+		fallthrough
+	case hadUpdates:
+		updateStatus = true
+	}
 	if !updateStatus {
 		return nil
 	}

go-controller/pkg/clustermanager/routeadvertisements/controller_test.go

@@ -47,6 +47,7 @@ type testRA struct {
 	SelectsDefault           bool
 	AdvertisePods            bool
 	AdvertiseEgressIPs       bool
+	Status                   *metav1.ConditionStatus
 }
 
 func (tra testRA) RouteAdvertisements() *ratypes.RouteAdvertisements {
@@ -92,6 +93,9 @@ func (tra testRA) RouteAdvertisements() *ratypes.RouteAdvertisements {
 			MatchLabels: tra.FRRConfigurationSelector,
 		}
 	}
+	if tra.Status != nil {
+		ra.Status.Conditions = []metav1.Condition{{Type: "Accepted", Status: *tra.Status}}
+	}
 	return ra
 }
 
@@ -776,6 +780,38 @@ func TestController_reconcile(t *testing.T) {
 			},
 			expectNADAnnotations: map[string]map[string]string{"default": {types.OvnRouteAdvertisementsKey: "[\"ra\"]"}, "red": {types.OvnRouteAdvertisementsKey: "[\"ra\"]"}},
 		},
+		{
+			name: "reconciles RouteAdvertisements status even when no other updates are required",
+			ra:   &testRA{Name: "ra", AdvertisePods: true, AdvertiseEgressIPs: true, SelectsDefault: true, Status: ptr.To(metav1.ConditionFalse)},
+			frrConfigs: []*testFRRConfig{
+				{
+					Name:      "frrConfig",
+					Namespace: frrNamespace,
+					Routers: []*testRouter{
+						{ASN: 1, Prefixes: []string{"1.1.1.0/24"}, Neighbors: []*testNeighbor{
+							{ASN: 1, Address: "1.0.0.100"},
+						}},
+					},
+				},
+				{
+					Labels:       map[string]string{types.OvnRouteAdvertisementsKey: "ra"},
+					Annotations:  map[string]string{types.OvnRouteAdvertisementsKey: "ra/frrConfig/node"},
+					NodeSelector: map[string]string{"kubernetes.io/hostname": "node"},
+					Routers: []*testRouter{
+						{ASN: 1, Prefixes: []string{"1.0.1.1/32", "1.1.0.0/24"}, Neighbors: []*testNeighbor{
+							{ASN: 1, Address: "1.0.0.100", Advertise: []string{"1.0.1.1/32", "1.1.0.0/24"}, Receive: []string{"1.1.0.0/16/24"}},
+						}},
+					},
+				},
+			},
+			nads: []*testNAD{
+				{Name: "default", Namespace: "ovn-kubernetes", Network: "default", Annotations: map[string]string{types.OvnRouteAdvertisementsKey: "[\"ra\"]"}},
+			},
+			nodes:                []*testNode{{Name: "node", SubnetsAnnotation: "{\"default\":\"1.1.0.0/24\"}"}},
+			eips:                 []*testEIP{{Name: "eip", EIPs: map[string]string{"node": "1.0.1.1"}}},
+			reconcile:            "ra",
+			expectAcceptedStatus: metav1.ConditionTrue,
+		},
 		{
 			name: "fails to reconcile a secondary network",
 			ra:   &testRA{Name: "ra", AdvertisePods: true, NetworkSelector: map[string]string{"selected": "true"}},
@@ -1005,11 +1041,6 @@ func TestController_reconcile(t *testing.T) {
 
 			c := NewController(nm.Interface(), wf, fakeClientset)
 
-			// prime the default network NAD
-			if defaultNAD == nil {
-				defaultNAD, err = c.getOrCreateDefaultNetworkNAD()
-				g.Expect(err).ToNot(gomega.HaveOccurred())
-			}
 			// prime the default network NAD namespace
 			namespace := &corev1.Namespace{
 				ObjectMeta: metav1.ObjectMeta{
@@ -1018,11 +1049,15 @@ func TestController_reconcile(t *testing.T) {
 			}
 			_, err = fakeClientset.KubeClient.CoreV1().Namespaces().Create(context.Background(), namespace, metav1.CreateOptions{})
 			g.Expect(err).ToNot(gomega.HaveOccurred())
-
-			// update it with the annotation that network manager would set
-			defaultNAD.Annotations = map[string]string{types.OvnNetworkNameAnnotation: types.DefaultNetworkName}
-			_, err = fakeClientset.NetworkAttchDefClient.K8sCniCncfIoV1().NetworkAttachmentDefinitions(defaultNAD.Namespace).Update(context.Background(), defaultNAD, metav1.UpdateOptions{})
-			g.Expect(err).ToNot(gomega.HaveOccurred())
+			// prime the default network NAD
+			if defaultNAD == nil {
+				defaultNAD, err = c.getOrCreateDefaultNetworkNAD()
+				g.Expect(err).ToNot(gomega.HaveOccurred())
+				// update it with the annotation that network manager would set
+				defaultNAD.Annotations = map[string]string{types.OvnNetworkNameAnnotation: types.DefaultNetworkName}
+				_, err = fakeClientset.NetworkAttchDefClient.K8sCniCncfIoV1().NetworkAttachmentDefinitions(defaultNAD.Namespace).Update(context.Background(), defaultNAD, metav1.UpdateOptions{})
+				g.Expect(err).ToNot(gomega.HaveOccurred())
+			}
 
 			err = wf.Start()
 			g.Expect(err).ToNot(gomega.HaveOccurred())
@@ -1039,7 +1074,13 @@ func TestController_reconcile(t *testing.T) {
 			)
 
 			err = nm.Start()
-			g.Expect(err).ToNot(gomega.HaveOccurred())
+			// some test cases start with a bad RA status, avoid asserting
+			// initial sync in this case as it will fail
+			if tt.ra == nil || tt.ra.Status == nil || *tt.ra.Status == metav1.ConditionTrue {
+				g.Expect(err).ToNot(gomega.HaveOccurred())
+			} else {
+				g.Expect(err).To(gomega.HaveOccurred())
+			}
 			// we just need the inital sync
 			nm.Stop()
 

test/e2e/deploymentconfig/api/api.go

@@ -4,6 +4,7 @@ package api
 // Remove when OVN-Kubernetes exposes its config via an API.
 type DeploymentConfig interface {
 	OVNKubernetesNamespace() string
+	FRRK8sNamespace() string
 	ExternalBridgeName() string
 	PrimaryInterfaceName() string
 }

test/e2e/deploymentconfig/configs/kind/kind.go

@@ -33,6 +33,10 @@ func (k kind) OVNKubernetesNamespace() string {
 	return "ovn-kubernetes"
 }
 
+func (k kind) FRRK8sNamespace() string {
+	return "frr-k8s-system"
+}
+
 func (k kind) ExternalBridgeName() string {
 	return "breth0"
 }

test/e2e/e2e.go

@@ -712,7 +712,7 @@ var _ = ginkgo.Describe("e2e control plane", func() {
 		}
 		secondaryExternalContainerPort := infraprovider.Get().GetExternalContainerPort()
 		secondaryExternalContainerSpec := infraapi.ExternalContainer{Name: "e2e-ovn-k", Image: images.AgnHost(),
-			Network: secondaryProviderNetwork, Args: getAgnHostHTTPPortBindCMDArgs(secondaryExternalContainerPort), ExtPort: secondaryExternalContainerPort}
+			Network: secondaryProviderNetwork, CmdArgs: getAgnHostHTTPPortBindCMDArgs(secondaryExternalContainerPort), ExtPort: secondaryExternalContainerPort}
 		ginkgo.By("creating container on secondary provider network")
 		secondaryExternalContainer, err = providerCtx.CreateExternalContainer(secondaryExternalContainerSpec)
 		framework.ExpectNoError(err, "failed to create external container")
@@ -1275,7 +1275,7 @@ var _ = ginkgo.Describe("e2e ingress traffic validation", func() {
 			framework.ExpectNoError(err, "failed to get primary network")
 			externalContainerPort := infraprovider.Get().GetExternalContainerPort()
 			externalContainer = infraapi.ExternalContainer{Name: "e2e-ingress", Image: images.AgnHost(), Network: primaryProviderNetwork,
-				Args: getAgnHostHTTPPortBindCMDArgs(externalContainerPort), ExtPort: externalContainerPort}
+				CmdArgs: getAgnHostHTTPPortBindCMDArgs(externalContainerPort), ExtPort: externalContainerPort}
 			externalContainer, err = providerCtx.CreateExternalContainer(externalContainer)
 			framework.ExpectNoError(err, "failed to create external service", externalContainer.String())
 		})
@@ -1672,7 +1672,7 @@ var _ = ginkgo.Describe("e2e ingress traffic validation", func() {
 			framework.ExpectNoError(err, "failed to get primary network")
 			externalContainerPort := infraprovider.Get().GetExternalContainerPort()
 			externalContainer = infraapi.ExternalContainer{Name: "e2e-ingress-add-more", Image: images.AgnHost(), Network: primaryProviderNetwork,
-				Args: getAgnHostHTTPPortBindCMDArgs(externalContainerPort), ExtPort: externalContainerPort}
+				CmdArgs: getAgnHostHTTPPortBindCMDArgs(externalContainerPort), ExtPort: externalContainerPort}
 			externalContainer, err = providerCtx.CreateExternalContainer(externalContainer)
 			framework.ExpectNoError(err, "external container %s must be created successfully", externalContainer.Name)
 
@@ -1834,7 +1834,7 @@ var _ = ginkgo.Describe("e2e ingress to host-networked pods traffic validation",
 			framework.ExpectNoError(err, "failed to get primary network")
 			externalContainerPort := infraprovider.Get().GetExternalContainerPort()
 			externalContainer = infraapi.ExternalContainer{Name: clientContainerName, Image: images.AgnHost(), Network: primaryProviderNetwork,
-				Args: getAgnHostHTTPPortBindCMDArgs(externalContainerPort), ExtPort: externalContainerPort}
+				CmdArgs: getAgnHostHTTPPortBindCMDArgs(externalContainerPort), ExtPort: externalContainerPort}
 			externalContainer, err = providerCtx.CreateExternalContainer(externalContainer)
 			framework.ExpectNoError(err, "external container %s must be created successfully", externalContainer.Name)
 		})
@@ -1943,7 +1943,7 @@ var _ = ginkgo.Describe("e2e br-int flow monitoring export validation", func() {
 			primaryProviderNetwork, err := infraprovider.Get().PrimaryNetwork()
 			framework.ExpectNoError(err, "failed to get primary network")
 			collectorExternalContainer := infraapi.ExternalContainer{Name: getContainerName(collectorPort), Image: "cloudflare/goflow",
-				Network: primaryProviderNetwork, Args: []string{"-kafka=false"}, ExtPort: collectorPort}
+				Network: primaryProviderNetwork, CmdArgs: []string{"-kafka=false"}, ExtPort: collectorPort}
 			collectorExternalContainer, err = providerCtx.CreateExternalContainer(collectorExternalContainer)
 			if err != nil {
 				framework.Failf("failed to start flow collector container %s: %v", getContainerName(collectorPort), err)

test/e2e/egress_firewall.go

@@ -197,7 +197,7 @@ var _ = ginkgo.Describe("e2e egress firewall policy validation", feature.EgressF
 				Name:    externalContainerName1,
 				Image:   images.AgnHost(),
 				Network: primaryProviderNetwork,
-				Args:    []string{"netexec", fmt.Sprintf("--http-port=%d", externalContainer1Port)},
+				CmdArgs: []string{"netexec", fmt.Sprintf("--http-port=%d", externalContainer1Port)},
 				ExtPort: externalContainer1Port,
 			}
 			externalContainer1, err = providerCtx.CreateExternalContainer(externalContainer1Spec)
@@ -210,7 +210,7 @@ var _ = ginkgo.Describe("e2e egress firewall policy validation", feature.EgressF
 				Name:    externalContainerName2,
 				Image:   images.AgnHost(),
 				Network: primaryProviderNetwork,
-				Args:    []string{"netexec", fmt.Sprintf("--http-port=%d", externalContainer2Port)},
+				CmdArgs: []string{"netexec", fmt.Sprintf("--http-port=%d", externalContainer2Port)},
 				ExtPort: externalContainer2Port,
 			}
 			externalContainer2, err = providerCtx.CreateExternalContainer(externalContainer2Spec)

test/e2e/egress_services.go

@@ -85,7 +85,7 @@ var _ = ginkgo.Describe("EgressService", feature.EgressService, func() {
 		framework.ExpectNoError(err, "failed to get primary provider network")
 		externalContainer = infraapi.ExternalContainer{Name: externalContainerName, Image: images.AgnHost(),
 			Network: primaryProviderNetwork, ExtPort: 8080,
-			Args: getAgnHostHTTPPortBindCMDArgs(8080)}
+			CmdArgs: getAgnHostHTTPPortBindCMDArgs(8080)}
 		externalContainer, err = providerCtx.CreateExternalContainer(externalContainer)
 		framework.ExpectNoError(err, "failed to create external container")
 	})
@@ -1239,7 +1239,7 @@ metadata:
 				ginkgo.By(fmt.Sprintf("Creating container %s", net.containerName))
 				// Setting the --hostname here is important since later we poke the container's /hostname endpoint
 				extContainerSecondaryNet := infraapi.ExternalContainer{Name: net.containerName, Image: images.AgnHost(), Network: network,
-					Args: []string{"netexec", "--http-port=8080"}, ExtPort: 8080}
+					CmdArgs: []string{"netexec", "--http-port=8080"}, ExtPort: 8080}
 				extContainerSecondaryNet, err = providerCtx.CreateExternalContainer(extContainerSecondaryNet)
 				ginkgo.By(fmt.Sprintf("Adding a listener for the shared IPv4 %s on %s", sharedIPv4, net.containerName))
 				out, err := infraprovider.Get().ExecExternalContainerCommand(extContainerSecondaryNet, []string{"ip", "address", "add", sharedIPv4 + "/32", "dev", "lo"})

test/e2e/egressip.go

@@ -219,7 +219,7 @@ func isSupportedAgnhostForEIP(externalContainer infraapi.ExternalContainer) bool
 	if externalContainer.Image != images.AgnHost() {
 		return false
 	}
-	if !util.SliceHasStringItem(externalContainer.Args, "netexec") {
+	if !util.SliceHasStringItem(externalContainer.CmdArgs, "netexec") {
 		return false
 	}
 	return true
@@ -754,13 +754,13 @@ var _ = ginkgo.DescribeTableSubtree("e2e egress IP validation", feature.EgressIP
 		// attach containers to the primary network
 		primaryTargetExternalContainerPort := infraprovider.Get().GetExternalContainerPort()
 		primaryTargetExternalContainerSpec := infraapi.ExternalContainer{Name: targetNodeName, Image: images.AgnHost(),
-			Network: primaryProviderNetwork, Args: getAgnHostHTTPPortBindCMDArgs(primaryTargetExternalContainerPort), ExtPort: primaryTargetExternalContainerPort}
+			Network: primaryProviderNetwork, CmdArgs: getAgnHostHTTPPortBindCMDArgs(primaryTargetExternalContainerPort), ExtPort: primaryTargetExternalContainerPort}
 		primaryTargetExternalContainer, err = providerCtx.CreateExternalContainer(primaryTargetExternalContainerSpec)
 		framework.ExpectNoError(err, "failed to create external target container on primary network", primaryTargetExternalContainerSpec.String())
 
 		primaryDeniedExternalContainerPort := infraprovider.Get().GetExternalContainerPort()
 		primaryDeniedExternalContainerSpec := infraapi.ExternalContainer{Name: deniedTargetNodeName, Image: images.AgnHost(),
-			Network: primaryProviderNetwork, Args: getAgnHostHTTPPortBindCMDArgs(primaryDeniedExternalContainerPort), ExtPort: primaryDeniedExternalContainerPort}
+			Network: primaryProviderNetwork, CmdArgs: getAgnHostHTTPPortBindCMDArgs(primaryDeniedExternalContainerPort), ExtPort: primaryDeniedExternalContainerPort}
 		primaryDeniedExternalContainer, err = providerCtx.CreateExternalContainer(primaryDeniedExternalContainerSpec)
 		framework.ExpectNoError(err, "failed to create external denied container on primary network", primaryDeniedExternalContainer.String())
 
@@ -791,7 +791,7 @@ var _ = ginkgo.DescribeTableSubtree("e2e egress IP validation", feature.EgressIP
 			Name:    targetSecondaryNodeName,
 			Image:   images.AgnHost(),
 			Network: secondaryProviderNetwork,
-			Args:    getAgnHostHTTPPortBindCMDArgs(secondaryTargetExternalContainerPort),
+			CmdArgs: getAgnHostHTTPPortBindCMDArgs(secondaryTargetExternalContainerPort),
 			ExtPort: secondaryTargetExternalContainerPort,
 		}
 		secondaryTargetExternalContainer, err = providerCtx.CreateExternalContainer(secondaryTargetExternalContainerSpec)
@@ -972,7 +972,7 @@ spec:
 				if isClusterDefaultNetwork(netConfigParams) {
 					pod2IP = getPodAddress(pod2Name, f.Namespace.Name)
 				} else {
-					pod2IP, err = podIPsForUserDefinedPrimaryNetwork(
+					pod2IP, err = getPodAnnotationIPsForAttachmentByIndex(
 						f.ClientSet,
 						f.Namespace.Name,
 						pod2Name,
@@ -2125,7 +2125,7 @@ spec:
 		providerPrimaryNetwork, err := infraprovider.Get().PrimaryNetwork()
 		framework.ExpectNoError(err, "failed to get providers primary network")
 		externalContainerPrimary := infraapi.ExternalContainer{Name: "external-container-for-egressip-mtu-test", Image: images.AgnHost(),
-			Network: providerPrimaryNetwork, Args: []string{"pause"}, ExtPort: externalContainerPrimaryPort}
+			Network: providerPrimaryNetwork, CmdArgs: []string{"pause"}, ExtPort: externalContainerPrimaryPort}
 		externalContainerPrimary, err = providerCtx.CreateExternalContainer(externalContainerPrimary)
 		framework.ExpectNoError(err, "failed to create external container: %s", externalContainerPrimary.String())