defenseunicorns · chance-coleman · May 18, 2026 · May 12, 2026 · May 12, 2026 · May 12, 2026
@@ -83,22 +83,82 @@ let curlPodNameEgress2 = "";
 let udpServerPodName = "";
 let udpClientPodName = "";
 
+async function waitForPodByLabel(namespace: string, labelSelector: string): Promise<string> {
+  const deadline = Date.now() + 120000;
+
+  while (Date.now() < deadline) {
+    const pods = await K8s(kind.Pod).InNamespace(namespace).WithLabel(labelSelector).Get();
+    const readyPod = pods.items.find(
+      pod =>
+        pod.status?.phase === "Running" &&
+        pod.status.containerStatuses?.every(status => status.ready) &&
+        !pod.metadata?.deletionTimestamp,
+    );
+
+    if (readyPod?.metadata?.name) {
+      return readyPod.metadata.name;
+    }
+
+    await new Promise(resolve => setTimeout(resolve, 2000));
+  }
+
+  throw new Error(`Timed out waiting for running pod in ${namespace} with label ${labelSelector}`);
+}
+
+async function restartUdpPods(): Promise<void> {
+  // Restart UDP server and client pods so they're fully settled before the test runs.
+  const serverPods = await K8s(kind.Pod)
+    .InNamespace("curl-ns-udp-server")
+    .WithLabel("app=udp-echo-server")
+    .Get();
+  for (const pod of serverPods.items) {
+    if (pod.metadata?.name) {
+      await K8s(kind.Pod).InNamespace("curl-ns-udp-server").Delete(pod.metadata.name);
+    }
+  }
+
+  const clientPods = await K8s(kind.Pod)
+    .InNamespace("curl-ns-udp-allow")
+    .WithLabel("app=udp-echo-client")
+    .Get();
+  for (const pod of clientPods.items) {
+    if (pod.metadata?.name) {
+      await K8s(kind.Pod).InNamespace("curl-ns-udp-allow").Delete(pod.metadata.name);
+    }
+  }
+
+  udpServerPodName = await waitForPodByLabel("curl-ns-udp-server", "app=udp-echo-server");
+  udpClientPodName = await waitForPodByLabel("curl-ns-udp-allow", "app=udp-echo-client");
+}
+
 beforeAll(async () => {
-  // Always fetch these pod names
-  curlPodName1 = await getPodName("curl-ns-deny-all-1", "app=curl-pkg-deny-all-1");
-  testAdminApp = await getPodName("test-admin-app", "app=httpbin");
-  curlPodName6 = await getPodName("curl-ns-remote-ns-1", "app=curl-pkg-remote-ns-egress");
-  curlPodName8 = await getPodName("curl-ns-kube-api", "app=curl-pkg-kube-api");
-  curlPodNameEgressAmbient1 = await getPodName("egress-ambient-1", "app=curl");
-  curlPodNameEgressAmbient2 = await getPodName("egress-ambient-2", "app=curl");
-  curlPodNameEgressAmbient3 = await getPodName("egress-ambient-2", "app=another-curl");
-  udpServerPodName = await getPodName("curl-ns-udp-server", "app=udp-echo-server");
-  udpClientPodName = await getPodName("curl-ns-udp-allow", "app=udp-echo-client");
-
-  // Only fetch egress pod names if egress tests will run
+  [
+    curlPodName1,
+    testAdminApp,
+    curlPodName6,
+    curlPodName8,
+    curlPodNameEgressAmbient1,
+    curlPodNameEgressAmbient2,
+    curlPodNameEgressAmbient3,
+    udpServerPodName,
+    udpClientPodName,
+  ] = await Promise.all([
+    getPodName("curl-ns-deny-all-1", "app=curl-pkg-deny-all-1"),
+    getPodName("test-admin-app", "app=httpbin"),
+    getPodName("curl-ns-remote-ns-1", "app=curl-pkg-remote-ns-egress"),
+    getPodName("curl-ns-kube-api", "app=curl-pkg-kube-api"),
+    getPodName("egress-ambient-1", "app=curl"),
+    getPodName("egress-ambient-2", "app=curl"),
+    getPodName("egress-ambient-2", "app=another-curl"),
+    getPodName("curl-ns-udp-server", "app=udp-echo-server"),
+    getPodName("curl-ns-udp-allow", "app=udp-echo-client"),
+  ]);
+
   if (runEgressTests) {
-    curlPodNameEgress1 = await getPodName("egress-gw-1", "app=curl");
-    curlPodNameEgress2 = await getPodName("egress-gw-2", "app=curl");
+    [curlPodNameEgress1, curlPodNameEgress2] = await Promise.all([
+      getPodName("egress-gw-1", "app=curl"),
+      getPodName("egress-gw-2", "app=curl"),
+    ]);
   }
 });
 
@@ -524,7 +584,10 @@ test(
   },
 );
 
-test("UDP NetworkPolicy - custom allow and deny", { retry: 2, timeout: 60000 }, async () => {
+test("UDP NetworkPolicy - custom allow and deny", { retry: 2, timeout: 120000 }, async () => {
+  // Restart UDP pods so they reach a settled state before the test asserts delivery.
+  await restartUdpPods();
+
   // Both execInPod calls run concurrently: the server nc blocks waiting for a UDP packet
   // and the client sends after a short delay. We check the server's stdout to verify
   // whether the packet arrived, with no echo mechanism required.