From 2ec3929134ac9d071d89db0c4b50324d1a6abe45 Mon Sep 17 00:00:00 2001 From: Nadia Pinaeva Date: Mon, 22 Jul 2024 12:37:14 +0200 Subject: [PATCH] [kube-proxy:nftables] Add partial sync unit test. Signed-off-by: Nadia Pinaeva --- pkg/proxy/nftables/proxier_test.go | 49 ++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/pkg/proxy/nftables/proxier_test.go b/pkg/proxy/nftables/proxier_test.go index 64762ca1f29..1d774cad065 100644 --- a/pkg/proxy/nftables/proxier_test.go +++ b/pkg/proxy/nftables/proxier_test.go @@ -4089,6 +4089,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // add 1 element to cluster-ips and service-ips = 2 operations + // add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations + // 10 operations total. + if nft.LastTransaction.NumOperations() != 10 { + t.Errorf("Expected 10 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } // Delete a service; its chains will be flushed, but not immediately deleted. fp.OnServiceDelete(svc2) @@ -4117,6 +4123,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // delete 1 element from cluster-ips and service-ips = 2 operations + // flush 2 chains for service and endpoint = 2 operations + // 4 operations total. + if nft.LastTransaction.NumOperations() != 4 { + t.Errorf("Expected 4 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } // Fake the passage of time and confirm that the stale chains get deleted. ageStaleChains() @@ -4142,6 +4154,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // delete stale chains happens in a separate transaction, nothing else changed => last transaction will have 0 operations. + if nft.LastTransaction.NumOperations() != 0 { + t.Errorf("Expected 0 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } // Add a service, sync, then add its endpoints. makeServiceMap(fp, @@ -4180,6 +4196,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add element ip kube-proxy no-endpoint-services { 172.30.0.44 . tcp . 80 comment "ns4/svc4:p80" : goto reject-chain } `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // add 1 element to cluster-ips and no-endpoint-services = 2 operations + if nft.LastTransaction.NumOperations() != 2 { + t.Errorf("Expected 2 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } populateEndpointSlices(fp, makeTestEndpointSlice("ns4", "svc4", 1, func(eps *discovery.EndpointSlice) { @@ -4225,6 +4245,11 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // add 1 element to service-ips, remove 1 element from no-endpoint-services = 2 operations + // add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations + if nft.LastTransaction.NumOperations() != 10 { + t.Errorf("Expected 10 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } // Change an endpoint of an existing service. eps3update := eps3.DeepCopy() @@ -4264,6 +4289,11 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations + // flush old endpoint chain = 1 operation + if nft.LastTransaction.NumOperations() != 9 { + t.Errorf("Expected 9 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } // (Ensure the old svc3 chain gets deleted in the next sync.) ageStaleChains() @@ -4307,6 +4337,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // add+flush 3 chains for 1 service and 2 endpoints, add 2 rules in each = 12 operations + if nft.LastTransaction.NumOperations() != 12 { + t.Errorf("Expected 12 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } // Empty a service's endpoints; its chains will be flushed, but not immediately deleted. eps3update3 := eps3update2.DeepCopy() @@ -4340,6 +4374,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // remove 1 element from service-ips, add 1 element to no-endpoint-services = 2 operations + // flush 3 chains = 3 operations + if nft.LastTransaction.NumOperations() != 5 { + t.Errorf("Expected 5 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } + expectedStaleChains := sets.NewString("service-4AT6LBPK-ns3/svc3/tcp/p80", "endpoint-SWWHDC7X-ns3/svc3/tcp/p80__10.0.3.2/80", "endpoint-TQ2QKHCZ-ns3/svc3/tcp/p80__10.0.3.3/80") gotStaleChains := sets.StringKeySet(fp.staleChains) if !expectedStaleChains.Equal(gotStaleChains) { @@ -4381,6 +4421,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) { add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80 `) assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + // remove 1 element from no-endpoint-services, add 1 element to service-ips = 2 operations + // add+flush 3 chains for 1 service and 2 endpoints, add 2 rules in each = 12 operations + if nft.LastTransaction.NumOperations() != 14 { + t.Errorf("Expected 14 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } + if len(fp.staleChains) != 0 { t.Errorf("unexpected stale chains: %v", fp.staleChains) } @@ -4399,6 +4445,9 @@ func TestSyncProxyRulesRepeated(t *testing.T) { // Sync with no new changes, so same expected rules as last time fp.syncProxyRules() assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump()) + if nft.LastTransaction.NumOperations() != 0 { + t.Errorf("Expected 0 trasaction operations, got %d", nft.LastTransaction.NumOperations()) + } } func TestNoEndpointsMetric(t *testing.T) {