| /* |
| Copyright 2014 The Kubernetes Authors. |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| */ |
| |
| package network |
| |
| import ( |
| "context" |
| "fmt" |
| "strconv" |
| "strings" |
| |
| v1 "k8s.io/api/core/v1" |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" |
| "k8s.io/apimachinery/pkg/util/sets" |
| utilwait "k8s.io/apimachinery/pkg/util/wait" |
| "k8s.io/kubernetes/pkg/cluster/ports" |
| "k8s.io/kubernetes/test/e2e/feature" |
| "k8s.io/kubernetes/test/e2e/framework" |
| e2enetwork "k8s.io/kubernetes/test/e2e/framework/network" |
| e2enode "k8s.io/kubernetes/test/e2e/framework/node" |
| e2epod "k8s.io/kubernetes/test/e2e/framework/pod" |
| e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper" |
| e2essh "k8s.io/kubernetes/test/e2e/framework/ssh" |
| "k8s.io/kubernetes/test/e2e/network/common" |
| "k8s.io/kubernetes/test/e2e/storage/utils" |
| admissionapi "k8s.io/pod-security-admission/api" |
| |
| "github.com/onsi/ginkgo/v2" |
| ) |
| |
| // checkConnectivityToHost launches a pod to test connectivity to the specified |
| // host. An error will be returned if the host is not reachable from the pod. |
| // |
| // An empty nodeName will use the schedule to choose where the pod is executed. |
| func checkConnectivityToHost(ctx context.Context, f *framework.Framework, nodeName, podName, host string, port, timeout int) error { |
| command := []string{ |
| "nc", |
| "-vz", |
| "-w", strconv.Itoa(timeout), |
| host, |
| strconv.Itoa(port), |
| } |
| |
| pod := e2epod.NewAgnhostPod(f.Namespace.Name, podName, nil, nil, nil) |
| pod.Spec.Containers[0].Command = command |
| pod.Spec.Containers[0].Args = nil // otherwise 'pause` is magically an argument to nc, which causes all hell to break loose |
| nodeSelection := e2epod.NodeSelection{Name: nodeName} |
| e2epod.SetNodeSelection(&pod.Spec, nodeSelection) |
| pod.Spec.RestartPolicy = v1.RestartPolicyNever |
| |
| podClient := f.ClientSet.CoreV1().Pods(f.Namespace.Name) |
| _, err := podClient.Create(ctx, pod, metav1.CreateOptions{}) |
| if err != nil { |
| return err |
| } |
| err = e2epod.WaitForPodSuccessInNamespace(ctx, f.ClientSet, podName, f.Namespace.Name) |
| |
| if err != nil { |
| logs, logErr := e2epod.GetPodLogs(ctx, f.ClientSet, f.Namespace.Name, pod.Name, pod.Spec.Containers[0].Name) |
| if logErr != nil { |
| framework.Logf("Warning: Failed to get logs from pod %q: %v", pod.Name, logErr) |
| } else { |
| framework.Logf("pod %s/%s logs:\n%s", f.Namespace.Name, pod.Name, logs) |
| } |
| } |
| |
| return err |
| } |
| |
| var _ = common.SIGDescribe("Networking", func() { |
| var svcname = "nettest" |
| f := framework.NewDefaultFramework(svcname) |
| f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged |
| |
| f.It("should provide Internet connection for containers", feature.NetworkingIPv4, func(ctx context.Context) { |
| ginkgo.By("Running container which tries to connect to 8.8.8.8") |
| framework.ExpectNoError( |
| checkConnectivityToHost(ctx, f, "", "connectivity-test", "8.8.8.8", 53, 30)) |
| }) |
| |
| f.It("should provide Internet connection for containers", feature.NetworkingIPv6, "[Experimental][LinuxOnly]", func(ctx context.Context) { |
| // IPv6 is not supported on Windows. |
| e2eskipper.SkipIfNodeOSDistroIs("windows") |
| ginkgo.By("Running container which tries to connect to 2001:4860:4860::8888") |
| framework.ExpectNoError( |
| checkConnectivityToHost(ctx, f, "", "connectivity-test", "2001:4860:4860::8888", 53, 30)) |
| }) |
| |
| f.It("should provider Internet connection for containers using DNS", feature.NetworkingDNS, func(ctx context.Context) { |
| ginkgo.By("Running container which tries to connect to google.com") |
| framework.ExpectNoError( |
| checkConnectivityToHost(ctx, f, "", "connectivity-test", "google.com", 80, 30)) |
| }) |
| |
| // First test because it has no dependencies on variables created later on. |
| ginkgo.It("should provide unchanging, static URL paths for kubernetes api services", func(ctx context.Context) { |
| tests := []struct { |
| path string |
| }{ |
| {path: "/healthz"}, |
| {path: "/api"}, |
| {path: "/apis"}, |
| {path: "/metrics"}, |
| {path: "/openapi/v2"}, |
| {path: "/version"}, |
| // TODO: test proxy links here |
| } |
| if !framework.ProviderIs("gke", "skeleton") { |
| tests = append(tests, struct{ path string }{path: "/logs"}) |
| } |
| for _, test := range tests { |
| ginkgo.By(fmt.Sprintf("testing: %s", test.path)) |
| data, err := f.ClientSet.CoreV1().RESTClient().Get(). |
| AbsPath(test.path). |
| DoRaw(ctx) |
| if err != nil { |
| framework.Failf("ginkgo.Failed: %v\nBody: %s", err, string(data)) |
| } |
| } |
| }) |
| |
| ginkgo.It("should check kube-proxy urls", func(ctx context.Context) { |
| // TODO: this is overkill we just need the host networking pod |
| // to hit kube-proxy urls. |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork) |
| |
| ginkgo.By("checking kube-proxy URLs") |
| config.GetSelfURL(ctx, ports.ProxyHealthzPort, "/healthz", "200 OK") |
| // Verify /healthz returns the proper content. |
| config.GetSelfURL(ctx, ports.ProxyHealthzPort, "/healthz", "lastUpdated") |
| // Verify /proxyMode returns http status code 200. |
| config.GetSelfURLStatusCode(ctx, ports.ProxyStatusPort, "/proxyMode", "200") |
| }) |
| |
| ginkgo.Describe("Granular Checks: Services", func() { |
| |
| ginkgo.It("should function for pod-Service: http", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err := config.DialFromTestContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (nodeIP)", config.TestContainerPod.Name, config.NodeIP, config.NodeHTTPPort)) |
| |
| err = config.DialFromTestContainer(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should function for pod-Service: udp", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err := config.DialFromTestContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (nodeIP)", config.TestContainerPod.Name, config.NodeIP, config.NodeUDPPort)) |
| err = config.DialFromTestContainer(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| f.It("should function for pod-Service: sctp", feature.SCTPConnectivity, func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.EnableSCTP) |
| ginkgo.By(fmt.Sprintf("dialing(sctp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterSCTPPort)) |
| err := config.DialFromTestContainer(ctx, "sctp", config.ClusterIP, e2enetwork.ClusterSCTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(sctp) %v --> %v:%v (nodeIP)", config.TestContainerPod.Name, config.NodeIP, config.NodeSCTPPort)) |
| err = config.DialFromTestContainer(ctx, "sctp", config.NodeIP, config.NodeSCTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should function for node-Service: http", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (node) --> %v:%v (config.clusterIP)", config.NodeIP, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err := config.DialFromNode(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (node) --> %v:%v (nodeIP)", config.NodeIP, config.NodeIP, config.NodeHTTPPort)) |
| err = config.DialFromNode(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should function for node-Service: udp", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (config.clusterIP)", config.NodeIP, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err := config.DialFromNode(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (nodeIP)", config.NodeIP, config.NodeIP, config.NodeUDPPort)) |
| err = config.DialFromNode(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| f.It("should function for node-Service: sctp", feature.SCTPConnectivity, func(ctx context.Context) { |
| ginkgo.Skip("Skipping SCTP node to service test until DialFromNode supports SCTP #96482") |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.EnableSCTP) |
| ginkgo.By(fmt.Sprintf("dialing(sctp) %v (node) --> %v:%v (config.clusterIP)", config.NodeIP, config.ClusterIP, e2enetwork.ClusterSCTPPort)) |
| err := config.DialFromNode(ctx, "sctp", config.ClusterIP, e2enetwork.ClusterSCTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(sctp) %v (node) --> %v:%v (nodeIP)", config.NodeIP, config.NodeIP, config.NodeSCTPPort)) |
| err = config.DialFromNode(ctx, "sctp", config.NodeIP, config.NodeSCTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should function for endpoint-Service: http", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (config.clusterIP)", config.EndpointPods[0].Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err := config.DialFromEndpointContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (nodeIP)", config.EndpointPods[0].Name, config.NodeIP, config.NodeHTTPPort)) |
| err = config.DialFromEndpointContainer(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should function for endpoint-Service: udp", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (endpoint) --> %v:%v (config.clusterIP)", config.EndpointPods[0].Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err := config.DialFromEndpointContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (endpoint) --> %v:%v (nodeIP)", config.EndpointPods[0].Name, config.NodeIP, config.NodeUDPPort)) |
| err = config.DialFromEndpointContainer(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| f.It("should function for endpoint-Service: sctp", feature.SCTPConnectivity, func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.EnableSCTP) |
| ginkgo.By(fmt.Sprintf("dialing(sctp) %v (endpoint) --> %v:%v (config.clusterIP)", config.EndpointPods[0].Name, config.ClusterIP, e2enetwork.ClusterSCTPPort)) |
| err := config.DialFromEndpointContainer(ctx, "sctp", config.ClusterIP, e2enetwork.ClusterSCTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By(fmt.Sprintf("dialing(sctp) %v (endpoint) --> %v:%v (nodeIP)", config.EndpointPods[0].Name, config.NodeIP, config.NodeSCTPPort)) |
| err = config.DialFromEndpointContainer(ctx, "sctp", config.NodeIP, config.NodeSCTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| // This test ensures that in a situation where multiple services exist with the same selector, |
| // deleting one of the services does not affect the connectivity of the remaining service |
| ginkgo.It("should function for multiple endpoint-Services with same selector", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By("creating a second service with same selector") |
| svc2, httpPort := createSecondNodePortService(ctx, f, config) |
| |
| // original service should work |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (config.clusterIP)", config.EndpointPods[0].Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err := config.DialFromEndpointContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (nodeIP)", config.EndpointPods[0].Name, config.NodeIP, config.NodeHTTPPort)) |
| err = config.DialFromEndpointContainer(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| // Dial second service |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (svc2.clusterIP)", config.EndpointPods[0].Name, svc2.Spec.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err = config.DialFromEndpointContainer(ctx, "http", svc2.Spec.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (nodeIP)", config.EndpointPods[0].Name, config.NodeIP, httpPort)) |
| err = config.DialFromEndpointContainer(ctx, "http", config.NodeIP, httpPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By("deleting the original node port service") |
| config.DeleteNodePortService(ctx) |
| |
| // Second service should continue to function unaffected |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (svc2.clusterIP)", config.EndpointPods[0].Name, svc2.Spec.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err = config.DialFromEndpointContainer(ctx, "http", svc2.Spec.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (endpoint) --> %v:%v (nodeIP)", config.EndpointPods[0].Name, config.NodeIP, httpPort)) |
| err = config.DialFromEndpointContainer(ctx, "http", config.NodeIP, httpPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should update endpoints: http", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err := config.DialFromTestContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint (initial), %v", err) |
| } |
| ginkgo.By("Deleting a pod which, will be replaced with a new endpoint") |
| config.DeleteNetProxyPod(ctx) |
| |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (config.clusterIP) (endpoint recovery)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err = config.DialFromTestContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, config.MaxTries, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint (recovery), %v", err) |
| } |
| }) |
| |
| ginkgo.It("should update endpoints: udp", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err := config.DialFromTestContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint (initial), %v", err) |
| } |
| ginkgo.By("Deleting a pod which, will be replaced with a new endpoint") |
| config.DeleteNetProxyPod(ctx) |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP) (endpoint recovery)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err = config.DialFromTestContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, config.MaxTries, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint (recovery), %v", err) |
| } |
| }) |
| |
| // Slow because we confirm that the nodePort doesn't serve traffic, which requires a period of polling. |
| f.It("should update nodePort: http", f.WithSlow(), func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (node) --> %v:%v (ctx, nodeIP) and getting ALL host endpoints", config.NodeIP, config.NodeIP, config.NodeHTTPPort)) |
| err := config.DialFromNode(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("Error dialing http from node: %v", err) |
| } |
| ginkgo.By("Deleting the node port access point") |
| config.DeleteNodePortService(ctx) |
| |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (node) --> %v:%v (nodeIP) and getting ZERO host endpoints", config.NodeIP, config.NodeIP, config.NodeHTTPPort)) |
| // #106770 MaxTries can be very large on large clusters, with the risk that a new NodePort is created by another test and start to answer traffic. |
| // Since we only want to assert that traffic is not being forwarded anymore and the retry timeout is 2 seconds, consider the test is correct |
| // if the service doesn't answer after 10 tries. |
| err = config.DialFromNode(ctx, "http", config.NodeIP, config.NodeHTTPPort, 10, 10, sets.NewString()) |
| if err != nil { |
| framework.Failf("Failure validating that node port service STOPPED removed properly: %v", err) |
| } |
| }) |
| |
| // quick validation of udp, next test confirms that this services update as well after endpoints are removed, but is slower. |
| ginkgo.It("should support basic nodePort: udp functionality", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (nodeIP) and getting ALL host endpoints", config.NodeIP, config.NodeIP, config.NodeUDPPort)) |
| err := config.DialFromNode(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("Failure validating that nodePort service WAS forwarding properly: %v", err) |
| } |
| }) |
| |
| // Slow because we confirm that the nodePort doesn't serve traffic, which requires a period of polling. |
| f.It("should update nodePort: udp", f.WithSlow(), func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (nodeIP) and getting ALL host endpoints", config.NodeIP, config.NodeIP, config.NodeUDPPort)) |
| err := config.DialFromNode(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("Failure validating that nodePort service WAS forwarding properly: %v", err) |
| } |
| |
| ginkgo.By("Deleting the node port access point") |
| config.DeleteNodePortService(ctx) |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (nodeIP) and getting ZERO host endpoints", config.NodeIP, config.NodeIP, config.NodeUDPPort)) |
| // #106770 MaxTries can be very large on large clusters, with the risk that a new NodePort is created by another test and start to answer traffic. |
| // Since we only want to assert that traffic is not being forwarded anymore and the retry timeout is 2 seconds, consider the test is correct |
| // if the service doesn't answer after 10 tries. |
| err = config.DialFromNode(ctx, "udp", config.NodeIP, config.NodeUDPPort, 10, 10, sets.NewString()) |
| if err != nil { |
| framework.Failf("Failure validating that node port service STOPPED removed properly: %v", err) |
| } |
| }) |
| |
| // [LinuxOnly]: Windows does not support session affinity. |
| ginkgo.It("should function for client IP based session affinity: http [LinuxOnly]", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v", config.TestContainerPod.Name, config.SessionAffinityService.Spec.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| |
| // Check if number of endpoints returned are exactly one. |
| eps, err := config.GetEndpointsFromTestContainer(ctx, "http", config.SessionAffinityService.Spec.ClusterIP, e2enetwork.ClusterHTTPPort, e2enetwork.SessionAffinityChecks) |
| if err != nil { |
| framework.Failf("ginkgo.Failed to get endpoints from test container, error: %v", err) |
| } |
| if len(eps) == 0 { |
| framework.Failf("Unexpected no endpoints return") |
| } |
| if len(eps) > 1 { |
| framework.Failf("Unexpected endpoints return: %v, expect 1 endpoints", eps) |
| } |
| }) |
| |
| // [LinuxOnly]: Windows does not support session affinity. |
| ginkgo.It("should function for client IP based session affinity: udp [LinuxOnly]", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v", config.TestContainerPod.Name, config.SessionAffinityService.Spec.ClusterIP, e2enetwork.ClusterUDPPort)) |
| |
| // Check if number of endpoints returned are exactly one. |
| eps, err := config.GetEndpointsFromTestContainer(ctx, "udp", config.SessionAffinityService.Spec.ClusterIP, e2enetwork.ClusterUDPPort, e2enetwork.SessionAffinityChecks) |
| if err != nil { |
| framework.Failf("ginkgo.Failed to get endpoints from test container, error: %v", err) |
| } |
| if len(eps) == 0 { |
| framework.Failf("Unexpected no endpoints return") |
| } |
| if len(eps) > 1 { |
| framework.Failf("Unexpected endpoints return: %v, expect 1 endpoints", eps) |
| } |
| }) |
| |
| ginkgo.It("should be able to handle large requests: http", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| message := strings.Repeat("42", 1000) |
| err := config.DialEchoFromTestContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, message) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| ginkgo.It("should be able to handle large requests: udp", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f) |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| message := "n" + strings.Repeat("o", 1999) |
| err := config.DialEchoFromTestContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, message) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| }) |
| |
| // if the endpoints pods use hostNetwork, several tests can't run in parallel |
| // because the pods will try to acquire the same port in the host. |
| // We run the test in serial, to avoid port conflicts. |
| ginkgo.It("should function for service endpoints using hostNetwork", func(ctx context.Context) { |
| config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.UseHostNetwork, e2enetwork.EndpointsUseHostNetwork) |
| |
| ginkgo.By("pod-Service(hostNetwork): http") |
| |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err := config.DialFromTestContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (nodeIP)", config.TestContainerPod.Name, config.NodeIP, config.NodeHTTPPort)) |
| err = config.DialFromTestContainer(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By("pod-Service(hostNetwork): udp") |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err = config.DialFromTestContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (nodeIP)", config.TestContainerPod.Name, config.NodeIP, config.NodeUDPPort)) |
| err = config.DialFromTestContainer(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By("node-Service(hostNetwork): http") |
| |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (node) --> %v:%v (config.clusterIP)", config.NodeIP, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| err = config.DialFromNode(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(http) %v (node) --> %v:%v (nodeIP)", config.NodeIP, config.NodeIP, config.NodeHTTPPort)) |
| err = config.DialFromNode(ctx, "http", config.NodeIP, config.NodeHTTPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By("node-Service(hostNetwork): udp") |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (config.clusterIP)", config.NodeIP, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| err = config.DialFromNode(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v (node) --> %v:%v (nodeIP)", config.NodeIP, config.NodeIP, config.NodeUDPPort)) |
| err = config.DialFromNode(ctx, "udp", config.NodeIP, config.NodeUDPPort, config.MaxTries, 0, config.EndpointHostnames()) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By("handle large requests: http(hostNetwork)") |
| |
| ginkgo.By(fmt.Sprintf("dialing(http) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterHTTPPort)) |
| message := strings.Repeat("42", 1000) |
| err = config.DialEchoFromTestContainer(ctx, "http", config.ClusterIP, e2enetwork.ClusterHTTPPort, config.MaxTries, 0, message) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| ginkgo.By("handle large requests: udp(hostNetwork)") |
| |
| ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort)) |
| message = "n" + strings.Repeat("o", 1999) |
| err = config.DialEchoFromTestContainer(ctx, "udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, message) |
| if err != nil { |
| framework.Failf("failed dialing endpoint, %v", err) |
| } |
| |
| }) |
| |
| }) |
| |
| f.It("should recreate its iptables rules if they are deleted", f.WithDisruptive(), func(ctx context.Context) { |
| e2eskipper.SkipUnlessProviderIs(framework.ProvidersWithSSH...) |
| e2eskipper.SkipUnlessSSHKeyPresent() |
| |
| hosts, err := e2essh.NodeSSHHosts(ctx, f.ClientSet) |
| framework.ExpectNoError(err, "failed to find external/internal IPs for every node") |
| if len(hosts) == 0 { |
| framework.Failf("No ssh-able nodes") |
| } |
| host := hosts[0] |
| |
| ns := f.Namespace.Name |
| numPods, servicePort := 3, defaultServeHostnameServicePort |
| svc := "iptables-flush-test" |
| |
| ginkgo.DeferCleanup(StopServeHostnameService, f.ClientSet, ns, svc) |
| podNames, svcIP, err := StartServeHostnameService(ctx, f.ClientSet, getServeHostnameService(svc), ns, numPods) |
| framework.ExpectNoError(err, "failed to create replication controller with service: %s in the namespace: %s", svc, ns) |
| |
| // Ideally we want to reload the system firewall, but we don't necessarily |
| // know how to do that on this system ("firewall-cmd --reload"? "systemctl |
| // restart iptables"?). So instead we just manually delete all "KUBE-" |
| // chains. |
| |
| ginkgo.By("dumping iptables rules on node " + host) |
| result, err := e2essh.SSH(ctx, "sudo iptables-save", host, framework.TestContext.Provider) |
| e2essh.LogResult(result) |
| if err != nil || result.Code != 0 { |
| framework.Failf("couldn't dump iptable rules: %v", err) |
| } |
| |
| // All the commands that delete rules have to come before all the commands |
| // that delete chains, since the chains can't be deleted while there are |
| // still rules referencing them. |
| var deleteRuleCmds, deleteChainCmds []string |
| table := "" |
| for _, line := range strings.Split(result.Stdout, "\n") { |
| if strings.HasPrefix(line, "*") { |
| table = line[1:] |
| } else if table == "" { |
| continue |
| } |
| |
| // Delete jumps from non-KUBE chains to KUBE chains |
| if !strings.HasPrefix(line, "-A KUBE-") && strings.Contains(line, "-j KUBE-") { |
| deleteRuleCmds = append(deleteRuleCmds, fmt.Sprintf("sudo iptables -t %s -D %s || true", table, line[3:])) |
| } |
| // Flush and delete all KUBE chains |
| if strings.HasPrefix(line, ":KUBE-") { |
| chain := strings.Split(line, " ")[0][1:] |
| deleteRuleCmds = append(deleteRuleCmds, fmt.Sprintf("sudo iptables -t %s -F %s || true", table, chain)) |
| deleteChainCmds = append(deleteChainCmds, fmt.Sprintf("sudo iptables -t %s -X %s || true", table, chain)) |
| } |
| } |
| cmd := strings.Join(append(deleteRuleCmds, deleteChainCmds...), "\n") |
| |
| ginkgo.By("deleting all KUBE-* iptables chains") |
| result, err = e2essh.SSH(ctx, cmd, host, framework.TestContext.Provider) |
| if err != nil || result.Code != 0 { |
| e2essh.LogResult(result) |
| framework.Failf("couldn't delete iptable rules: %v", err) |
| } |
| |
| ginkgo.By("verifying that kube-proxy rules are eventually recreated") |
| framework.ExpectNoError(verifyServeHostnameServiceUp(ctx, f.ClientSet, ns, podNames, svcIP, servicePort)) |
| |
| ginkgo.By("verifying that kubelet rules are eventually recreated") |
| err = utilwait.PollImmediate(framework.Poll, framework.RestartNodeReadyAgainTimeout, func() (bool, error) { |
| result, err = e2essh.SSH(ctx, "sudo iptables-save -t mangle", host, framework.TestContext.Provider) |
| if err != nil || result.Code != 0 { |
| e2essh.LogResult(result) |
| return false, err |
| } |
| |
| if strings.Contains(result.Stdout, "\n:KUBE-IPTABLES-HINT") { |
| return true, nil |
| } |
| return false, nil |
| }) |
| if err != nil { |
| e2essh.LogResult(result) |
| } |
| framework.ExpectNoError(err, "kubelet did not recreate its iptables rules") |
| }) |
| |
| // This is [Serial] because it can't run at the same time as the |
| // [Feature:SCTPConnectivity] tests, since they may cause sctp.ko to be loaded. |
| f.It("should allow creating a Pod with an SCTP HostPort [LinuxOnly]", f.WithSerial(), func(ctx context.Context) { |
| node, err := e2enode.GetRandomReadySchedulableNode(ctx, f.ClientSet) |
| framework.ExpectNoError(err) |
| hostExec := utils.NewHostExec(f) |
| ginkgo.DeferCleanup(hostExec.Cleanup) |
| |
| ginkgo.By("getting the state of the sctp module on the selected node") |
| nodes := &v1.NodeList{} |
| nodes.Items = append(nodes.Items, *node) |
| sctpLoadedAtStart := CheckSCTPModuleLoadedOnNodes(ctx, f, nodes) |
| |
| ginkgo.By("creating a pod with hostport on the selected node") |
| podName := "hostport" |
| ports := []v1.ContainerPort{{Protocol: v1.ProtocolSCTP, ContainerPort: 5060, HostPort: 5060}} |
| podSpec := e2epod.NewAgnhostPod(f.Namespace.Name, podName, nil, nil, ports) |
| nodeSelection := e2epod.NodeSelection{Name: node.Name} |
| e2epod.SetNodeSelection(&podSpec.Spec, nodeSelection) |
| |
| ginkgo.By(fmt.Sprintf("Launching the pod on node %v", node.Name)) |
| e2epod.NewPodClient(f).CreateSync(ctx, podSpec) |
| ginkgo.DeferCleanup(func(ctx context.Context) { |
| err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Delete(ctx, podName, metav1.DeleteOptions{}) |
| framework.ExpectNoError(err, "failed to delete pod: %s in namespace: %s", podName, f.Namespace.Name) |
| }) |
| ginkgo.By("validating sctp module is still not loaded") |
| sctpLoadedAtEnd := CheckSCTPModuleLoadedOnNodes(ctx, f, nodes) |
| if !sctpLoadedAtStart && sctpLoadedAtEnd { |
| framework.Failf("The state of the sctp module has changed due to the test case") |
| } |
| }) |
| }) |
