Skip to content

Instantly share code, notes, and snippets.

@astoycos

astoycos/gist:72a9e48be8b1da174dde821c5bccf8d1

Last active January 26, 2023 02:17
Show Gist options
  • Save astoycos/72a9e48be8b1da174dde821c5bccf8d1 to your computer and use it in GitHub Desktop.
Save astoycos/72a9e48be8b1da174dde821c5bccf8d1 to your computer and use it in GitHub Desktop.
Download ZIP
Bpfd_ignfw_passing_e2e
Raw
gistfile1.md

This Describes how to spin up BPFD with IGNFW from https://github.com/astoycos/ingress-node-firewall/tree/bpfd-integration

  1. (from https://github.com/redhat-et/bpfd) Spinup bpfd + Kind
cd bpfd-operator && make run-on-kind
  1. (from https://github.com/astoycos/ingress-node-firewall/tree/bpfd-integration) Deploy the ignfw XDP program via bpfd
 kubectl apply -f pkg/ebpf/ignfw_bpf_config.yaml
  1. (from https://github.com/astoycos/ingress-node-firewall/tree/bpfd-integration) Deploy the IGNFW Operator
make deploy-kind
  1. Apply appropriate labels to bpfd-kind worker nodes
kubectl label node bpfd-deployment-worker do-node-ingress-firewall="true" node-role.kubernetes.io/worker="" --overwrite=true
kubectl label node bpfd-deployment-worker2 do-node-ingress-firewall="true" node-role.kubernetes.io/worker="" --overwrite=true
  1. (from https://github.com/astoycos/ingress-node-firewall/tree/bpfd-integration) Run the ignfw e2e tests
[astoycos@localhost ingress-node-firewall]$ make test-e2e
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/bin/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..."
go fmt ./...
go vet ./...
==== Generating DaemonSet manifest
hack/generate-daemon-manifest.sh
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
cp bundle/manifests/* manifests/stable
rm -rf /tmp/test_validation_logs/
mkdir -p /tmp/test_validation_logs/
go test --tags=validationtests -v ./test/e2e/validation -ginkgo.v -junit /tmp/test_validation_logs/ -report /tmp/test_validation_logs/ 
=== RUN   TestValidation
Running Suite: Ingress Node Firewall Operator Validation Suite
==============================================================
Random Seed: 1674589139
Will run 4 of 4 specs

IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewall Operator deployment in running state
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/validation/tests/validation.go:33
•
------------------------------
IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewallConfig CRD available in the cluster
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/validation/tests/validation.go:55
•
------------------------------
IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewall CRD available in the cluster
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/validation/tests/validation.go:61
•
------------------------------
IngressNodeFirewall IngressNodeFirewall 
  should have the IngressNodeFirewallNodeState CRD available in the cluster
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/validation/tests/validation.go:67
•
JUnit report was created: /tmp/test_validation_logs/validation_junit.xml

Ran 4 of 4 Specs in 0.031 seconds
SUCCESS! -- 4 Passed | 0 Failed | 0 Pending | 0 Skipped

You're using deprecated Ginkgo functionality:
=============================================
Ginkgo 2.0 is under active development and will introduce several new features, improvements, and a small handful of breaking changes.
A release candidate for 2.0 is now available and 2.0 should GA in Fall 2021.  Please give the RC a try and send us feedback!
  - To learn more, view the migration guide at https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md
  - For instructions on using the Release Candidate visit https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#using-the-beta
  - To comment, chime in at https://github.com/onsi/ginkgo/issues/711

  You are using a custom reporter.  Support for custom reporters will likely be removed in V2.  Most users were using them to generate junit or teamcity reports and this functionality will be merged into the core reporter.  In addition, Ginkgo 2.0 will support emitting a JSON-formatted report that users can then manipulate to generate custom reports.

  If this change will be impactful to you please leave a comment on https://github.com/onsi/ginkgo/issues/711
  Learn more at: https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#removed-custom-reporters

To silence deprecations that can be silenced set the following environment variable:
  ACK_GINKGO_DEPRECATIONS=1.16.5

--- PASS: TestValidation (0.04s)
PASS
ok      github.com/openshift/ingress-node-firewall/test/e2e/validation  0.097s
rm -rf /tmp/test_e2e_logs/
mkdir -p /tmp/test_e2e_logs/
go test -timeout 20m --tags=e2etests -v ./test/e2e/functional -ginkgo.v -junit /tmp/test_e2e_logs/ -report /tmp/test_e2e_logs/ 
=== RUN   TestE2E
Running Suite: Ingress Node Firewall Operator E2E Suite
=======================================================
Random Seed: 1674589141
Will run 19 of 19 specs

Ingress Node Firewall IngressNodeFirewall 
  block a port with a single rule defining the destinations port
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:20.603 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    block a port with a single rule defining the destinations port
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  block a port using a range when multiple source CIDRs exist
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:28.301 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    block a port using a range when multiple source CIDRs exist
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  block multiple ports
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-two"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:10.827 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    block multiple ports
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:5.893 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls and the count of source CIDRs for each policy is different
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:11.623 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls and the count of source CIDRs for each policy is different
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  merges multiple IngressNodeFirewalls which contain multiple ingress entries with protocol rules for all protocols
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-three" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-four" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:63.811 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    merges multiple IngressNodeFirewalls which contain multiple ingress entries with protocol rules for all protocols
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:5.828 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    block port when rules for a source CIDR are located in multiple IngressNodeFirewall objects
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls but the number of source CIDRs in each policy is different
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol UDP from pod "e2e-inf-client-two" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:11.616 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    merges transport protocol rules when source CIDRs overlap in multiple IngressNodeFirewalls but the number of source CIDRs in each policy is different
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  block ICMP echo request
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol ICMP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created

• [SLOW TEST:13.180 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  IngressNodeFirewall
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:131
    block ICMP echo request
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  non existent interface name doesn't block application of IngressNodeFirewall policy for valid interface
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
•
------------------------------
Ingress Node Firewall IngressNodeFirewall 
  non existent interface name in unrelated IngressNodeFirewall doesn't block application of new IngressNodeFirewalls policies
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:852
STEP: [IPV4] Confirm connectivity before IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Confirm IngressNodeFirewall policy application for protocol TCP from pod "e2e-inf-client-one" to destination pod "e2e-inf-server-one"
STEP: [IPV4] Checking if drop events created
•
------------------------------
Ingress Node Firewall Statistics 
  should expose at least one endpoint via a daemon metrics service
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1082
•
------------------------------
Ingress Node Firewall Statistics 
  should expose daemon metrics
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1109

• [SLOW TEST:34.797 seconds]
Ingress Node Firewall
/home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:115
  Statistics
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1047
    should expose daemon metrics
    /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1109
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall TCP rule
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1279
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall UDP rule
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1291
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall ICMPV4 rule
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1303
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall ICMPV6 rule
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1315
•
------------------------------
Ingress Node Firewall Webhook 
  should allow valid ingressnodefirewall SCTP rule
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1327
•
------------------------------
Ingress Node Firewall Webhook 
  should block any rules which conflict with failsafe rules
  /home/astoycos/go/src/github.com/openshift/ingress-node-firewall/test/e2e/functional/tests/e2e.go:1339
•
JUnit report was created: /tmp/test_e2e_logs/e2e_junit.xml

Ran 19 of 19 Specs in 218.401 seconds
SUCCESS! -- 19 Passed | 0 Failed | 0 Pending | 0 Skipped

You're using deprecated Ginkgo functionality:
=============================================
Ginkgo 2.0 is under active development and will introduce several new features, improvements, and a small handful of breaking changes.
A release candidate for 2.0 is now available and 2.0 should GA in Fall 2021.  Please give the RC a try and send us feedback!
  - To learn more, view the migration guide at https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md
  - For instructions on using the Release Candidate visit https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#using-the-beta
  - To comment, chime in at https://github.com/onsi/ginkgo/issues/711

  You are using a custom reporter.  Support for custom reporters will likely be removed in V2.  Most users were using them to generate junit or teamcity reports and this functionality will be merged into the core reporter.  In addition, Ginkgo 2.0 will support emitting a JSON-formatted report that users can then manipulate to generate custom reports.

  If this change will be impactful to you please leave a comment on https://github.com/onsi/ginkgo/issues/711
  Learn more at: https://github.com/onsi/ginkgo/blob/ver2/docs/MIGRATING_TO_V2.md#removed-custom-reporters

To silence deprecations that can be silenced set the following environment variable:
  ACK_GINKGO_DEPRECATIONS=1.16.5

--- PASS: TestE2E (218.42s)
PASS
ok      github.com/openshift/ingress-node-firewall/test/e2e/functional  218.489s
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment