github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-28 22:17:14 +00:00
Code Issues Projects Releases Wiki Activity

add e2e test for updating lb source range

Browse Source
This commit is contained in:
Minhan Xia 2016-09-14 17:00:00 -07:00
parent 1c2c0c1f63
commit 0ea7b950d3
2 changed files with 86 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

85
test/e2e/service.go
View File

@ -1103,6 +1103,73 @@ var _ = framework.KubeDescribe("Services", func() {
framework.Failf("expected un-ready endpoint for Service %v within %v, stdout: %v", t.name, kubeProxyLagTimeout, stdout) framework.Failf("expected un-ready endpoint for Service %v within %v, stdout: %v", t.name, kubeProxyLagTimeout, stdout)
} }
}) })
It("should only allow access from service loadbalancer source ranges [Slow]", func() {
// this feature currently supported only on GCE/GKE/AWS
framework.SkipUnlessProviderIs("gce", "gke", "aws")
loadBalancerCreateTimeout := loadBalancerCreateTimeoutDefault
if nodes := framework.GetReadySchedulableNodesOrDie(cs); len(nodes.Items) > largeClusterMinNodesNumber {
loadBalancerCreateTimeout = loadBalancerCreateTimeoutLarge
}
namespace := f.Namespace.Name
serviceName := "lb-sourcerange"
jig := NewServiceTestJig(cs, serviceName)
By("Prepare allow source ips")
// prepare the exec pods
// acceptPod are allowed to access the loadbalancer
acceptPodName := createExecPodOrFail(cs, namespace, "execpod-accept")
dropPodName := createExecPodOrFail(cs, namespace, "execpod-drop")
accpetPod, err := cs.Core().Pods(namespace).Get(acceptPodName)
Expect(err).NotTo(HaveOccurred())
dropPod, err := cs.Core().Pods(namespace).Get(dropPodName)
Expect(err).NotTo(HaveOccurred())
By("creating a pod to be part of the service " + serviceName)
// This container is an nginx container listening on port 80
// See kubernetes/contrib/ingress/echoheaders/nginx.conf for content of response
jig.RunOrFail(namespace, nil)
// Create loadbalancer service with source range from node[0] and podAccept
svc := jig.CreateTCPServiceOrFail(namespace, func(svc *v1.Service) {
svc.Spec.Type = v1.ServiceTypeLoadBalancer
svc.Spec.LoadBalancerSourceRanges = []string{accpetPod.Status.PodIP + "/32"}
})
// Clean up loadbalancer service
defer func() {
jig.UpdateServiceOrFail(svc.Namespace, svc.Name, func(svc *v1.Service) {
svc.Spec.Type = v1.ServiceTypeNodePort
svc.Spec.LoadBalancerSourceRanges = nil
})
Expect(cs.Core().Services(svc.Namespace).Delete(svc.Name, nil)).NotTo(HaveOccurred())
}()
svc = jig.WaitForLoadBalancerOrFail(namespace, serviceName, loadBalancerCreateTimeout)
jig.SanityCheckService(svc, v1.ServiceTypeLoadBalancer)
By("check reachability from different sources")
svcIP := getIngressPoint(&svc.Status.LoadBalancer.Ingress[0])
checkReachabilityFromPod(true, namespace, acceptPodName, svcIP)
checkReachabilityFromPod(false, namespace, dropPodName, svcIP)
By("Update service LoadBalancerSourceRange and check reachability")
jig.UpdateServiceOrFail(svc.Namespace, svc.Name, func(svc *v1.Service) {
// only allow access from dropPod
svc.Spec.LoadBalancerSourceRanges = []string{dropPod.Status.PodIP + "/32"}
})
checkReachabilityFromPod(false, namespace, acceptPodName, svcIP)
checkReachabilityFromPod(true, namespace, dropPodName, svcIP)
By("Delete LoadBalancerSourceRange field and check reachability")
jig.UpdateServiceOrFail(svc.Namespace, svc.Name, func(svc *v1.Service) {
svc.Spec.LoadBalancerSourceRanges = nil
})
checkReachabilityFromPod(true, namespace, acceptPodName, svcIP)
checkReachabilityFromPod(true, namespace, dropPodName, svcIP)
})
}) })
var _ = framework.KubeDescribe("ESIPP [Slow][Feature:ExternalTrafficLocalOnly]", func() { var _ = framework.KubeDescribe("ESIPP [Slow][Feature:ExternalTrafficLocalOnly]", func() {
@ -2773,3 +2840,21 @@ func describeSvc(ns string) {
"describe", "svc", fmt.Sprintf("--namespace=%v", ns)) "describe", "svc", fmt.Sprintf("--namespace=%v", ns))
framework.Logf(desc) framework.Logf(desc)
} }
func checkReachabilityFromPod(expectToBeReachable bool, namespace, pod, target string) {
cmd := fmt.Sprintf("wget -T 5 -qO- %q", target)
err := wait.PollImmediate(framework.Poll, 2*time.Minute, func() (bool, error) {
_, err := framework.RunHostCmd(namespace, pod, cmd)
if expectToBeReachable && err != nil {
framework.Logf("Expect target to be reachable. But got err: %v. Retry until timeout", err)
return false, nil
}
if !expectToBeReachable && err == nil {
framework.Logf("Expect target NOT to be reachable. But it is reachable. Retry until timeout")
return false, nil
}
return true, nil
})
Expect(err).NotTo(HaveOccurred())
}

1
test/test_owners.csv
View File

@ -444,6 +444,7 @@ Services should be able to create a functioning NodePort service,bprashanth,0
Services should be able to up and down services,bprashanth,0 Services should be able to up and down services,bprashanth,0
Services should check NodePort out-of-range,bprashanth,0 Services should check NodePort out-of-range,bprashanth,0
Services should create endpoints for unready pods,maisem,0 Services should create endpoints for unready pods,maisem,0
Serivces should only allow access from service loadbalancer source ranges,freehan,0
Services should preserve source pod IP for traffic thru service cluster IP,Random-Liu,1 Services should preserve source pod IP for traffic thru service cluster IP,Random-Liu,1
Services should prevent NodePort collisions,bprashanth,0 Services should prevent NodePort collisions,bprashanth,0
Services should provide secure master service,bprashanth,0 Services should provide secure master service,bprashanth,0

1 name owner auto-assigned
444 Services should be able to up and down services bprashanth 0
445 Services should check NodePort out-of-range bprashanth 0
446 Services should create endpoints for unready pods maisem 0
447 Serivces should only allow access from service loadbalancer source ranges freehan 0
448 Services should preserve source pod IP for traffic thru service cluster IP Random-Liu 1
449 Services should prevent NodePort collisions bprashanth 0
450 Services should provide secure master service bprashanth 0