mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
[kube-proxy:nftables] Add partial sync unit test.
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
This commit is contained in:
parent
3ccf5b8a55
commit
2ec3929134
@ -4089,6 +4089,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// add 1 element to cluster-ips and service-ips = 2 operations
|
||||
// add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations
|
||||
// 10 operations total.
|
||||
if nft.LastTransaction.NumOperations() != 10 {
|
||||
t.Errorf("Expected 10 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
// Delete a service; its chains will be flushed, but not immediately deleted.
|
||||
fp.OnServiceDelete(svc2)
|
||||
@ -4117,6 +4123,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// delete 1 element from cluster-ips and service-ips = 2 operations
|
||||
// flush 2 chains for service and endpoint = 2 operations
|
||||
// 4 operations total.
|
||||
if nft.LastTransaction.NumOperations() != 4 {
|
||||
t.Errorf("Expected 4 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
// Fake the passage of time and confirm that the stale chains get deleted.
|
||||
ageStaleChains()
|
||||
@ -4142,6 +4154,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// delete stale chains happens in a separate transaction, nothing else changed => last transaction will have 0 operations.
|
||||
if nft.LastTransaction.NumOperations() != 0 {
|
||||
t.Errorf("Expected 0 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
// Add a service, sync, then add its endpoints.
|
||||
makeServiceMap(fp,
|
||||
@ -4180,6 +4196,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add element ip kube-proxy no-endpoint-services { 172.30.0.44 . tcp . 80 comment "ns4/svc4:p80" : goto reject-chain }
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// add 1 element to cluster-ips and no-endpoint-services = 2 operations
|
||||
if nft.LastTransaction.NumOperations() != 2 {
|
||||
t.Errorf("Expected 2 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
populateEndpointSlices(fp,
|
||||
makeTestEndpointSlice("ns4", "svc4", 1, func(eps *discovery.EndpointSlice) {
|
||||
@ -4225,6 +4245,11 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// add 1 element to service-ips, remove 1 element from no-endpoint-services = 2 operations
|
||||
// add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations
|
||||
if nft.LastTransaction.NumOperations() != 10 {
|
||||
t.Errorf("Expected 10 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
// Change an endpoint of an existing service.
|
||||
eps3update := eps3.DeepCopy()
|
||||
@ -4264,6 +4289,11 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations
|
||||
// flush old endpoint chain = 1 operation
|
||||
if nft.LastTransaction.NumOperations() != 9 {
|
||||
t.Errorf("Expected 9 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
// (Ensure the old svc3 chain gets deleted in the next sync.)
|
||||
ageStaleChains()
|
||||
@ -4307,6 +4337,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// add+flush 3 chains for 1 service and 2 endpoints, add 2 rules in each = 12 operations
|
||||
if nft.LastTransaction.NumOperations() != 12 {
|
||||
t.Errorf("Expected 12 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
// Empty a service's endpoints; its chains will be flushed, but not immediately deleted.
|
||||
eps3update3 := eps3update2.DeepCopy()
|
||||
@ -4340,6 +4374,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// remove 1 element from service-ips, add 1 element to no-endpoint-services = 2 operations
|
||||
// flush 3 chains = 3 operations
|
||||
if nft.LastTransaction.NumOperations() != 5 {
|
||||
t.Errorf("Expected 5 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
expectedStaleChains := sets.NewString("service-4AT6LBPK-ns3/svc3/tcp/p80", "endpoint-SWWHDC7X-ns3/svc3/tcp/p80__10.0.3.2/80", "endpoint-TQ2QKHCZ-ns3/svc3/tcp/p80__10.0.3.3/80")
|
||||
gotStaleChains := sets.StringKeySet(fp.staleChains)
|
||||
if !expectedStaleChains.Equal(gotStaleChains) {
|
||||
@ -4381,6 +4421,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
|
||||
`)
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
// remove 1 element from no-endpoint-services, add 1 element to service-ips = 2 operations
|
||||
// add+flush 3 chains for 1 service and 2 endpoints, add 2 rules in each = 12 operations
|
||||
if nft.LastTransaction.NumOperations() != 14 {
|
||||
t.Errorf("Expected 14 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
|
||||
if len(fp.staleChains) != 0 {
|
||||
t.Errorf("unexpected stale chains: %v", fp.staleChains)
|
||||
}
|
||||
@ -4399,6 +4445,9 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
|
||||
// Sync with no new changes, so same expected rules as last time
|
||||
fp.syncProxyRules()
|
||||
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
|
||||
if nft.LastTransaction.NumOperations() != 0 {
|
||||
t.Errorf("Expected 0 trasaction operations, got %d", nft.LastTransaction.NumOperations())
|
||||
}
|
||||
}
|
||||
|
||||
func TestNoEndpointsMetric(t *testing.T) {
|
||||
|
Loading…
Reference in New Issue
Block a user