antrea icon indicating copy to clipboard operation
antrea copied to clipboard

Published 20 hours ago verified publisher icon antrea-io

ACNP IngressPolicy not working for Flexible IPAM pods

Open KMAnju-2021 opened this issue 10 months ago • 2 comments

Describe the bug

acnp ingress policy not working only for one case in kind cluster: when src Pod is IPAM-pod without vlan and destination pod is IPAM-pod with vlan (11,12).

To Reproduce

  1. create kind cluster
  2. apply antrea.yml with enableIPAM feature.
  3. apply ingress acnp

apiVersion: crd.antrea.io/v1beta1 kind: ClusterNetworkPolicy metadata: name: acnp-with-drop-a spec: priority: 1 appliedTo: - podSelector: matchLabels: pod: a ingress: - action: Drop from: - podSelector: {} enableLogging: true

  1. Run TestAntreaIPAMAntreaPolicy/TestGroupNoK8sNP/Case=ACNPIngressDrop test

Expected

destination pod should drop the packets

Actual behavior

kubectl exec -it antrea-ipam-testa-cf59ccc97-bq5w9 -n antrea-ipam-test -- sh Defaulted container "c80" out of: c80, c81, c8080, c8081, c8082, c8083, c8084, c8085 / # curl 192.168.242.100:81 curl: (1) Received HTTP/0.9 when not allowed

/ # /agnhost connect 192.168.242.100:81 --timeout=1s --protocol=tcp && echo "CONNECTED" CONNECTED / # /agnhost connect 192.168.241.100:81 --timeout=1s --protocol=tcp && echo "CONNECTED" CONNECTED

KMAnju-2021 avatar Apr 18 '24 07:04 KMAnju-2021