github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 15:05:27 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #101488 from dcbw/e2e-net-firewall

Browse Source 
e2e/network/firewall: don't assume nodes are exposed externally
This commit is contained in:
Kubernetes Prow Robot 2021-04-26 22:15:36 -07:00 committed by GitHub
commit 3f98b98c69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/e2e/network/firewall.go
View File

@ -218,8 +218,10 @@ var _ = common.SIGDescribe("Firewall rule", func() {
ginkgo.By("Checking well known ports on master and nodes are not exposed externally")
nodeAddr := e2enode.FirstAddress(nodes, v1.NodeExternalIP)
if nodeAddr == "" {
framework.Failf("did not find any node addresses")
if nodeAddr != "" {
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletReadOnlyPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.ProxyStatusPort, firewallTestTCPTimeout, false)
}
controlPlaneAddresses := framework.GetControlPlaneAddresses(cs)
@ -227,9 +229,6 @@ var _ = common.SIGDescribe("Firewall rule", func() {
assertNotReachableHTTPTimeout(instanceAddress, "/healthz", ports.KubeControllerManagerPort, firewallTestTCPTimeout, true)
assertNotReachableHTTPTimeout(instanceAddress, "/healthz", kubeschedulerconfig.DefaultKubeSchedulerPort, firewallTestTCPTimeout, true)
}
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletReadOnlyPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.ProxyStatusPort, firewallTestTCPTimeout, false)
})
})