From 47133919e75aa3fc5f46f7aaf94858776e034123 Mon Sep 17 00:00:00 2001 From: joey Date: Tue, 16 Jul 2024 10:18:05 +0800 Subject: [PATCH] add some notes for e2e preserve source pod ip test Signed-off-by: joey --- test/e2e/network/service.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/e2e/network/service.go b/test/e2e/network/service.go index ec075c50899..2f23756e6d9 100644 --- a/test/e2e/network/service.go +++ b/test/e2e/network/service.go @@ -986,6 +986,9 @@ var _ = common.SIGDescribe("Services", func() { framework.ExpectNoError(err) }) + // NOTE: base on fundamental requirement of the kubernetes networking model(https://kubernetes.io/docs/concepts/services-networking/) + // pods can communicate with all other pods on any other node without NAT + // we should avoid masquerading the internal Pod traffic, detail see #126089 ginkgo.It("should preserve source pod IP for traffic thru service cluster IP [LinuxOnly]", func(ctx context.Context) { // this test is creating a pod with HostNetwork=true, which is not supported on Windows. e2eskipper.SkipIfNodeOSDistroIs("windows") @@ -1055,7 +1058,9 @@ var _ = common.SIGDescribe("Services", func() { for _, pausePod := range pausePods.Items { sourceIP, execPodIP := execSourceIPTest(pausePod, serviceAddress) ginkgo.By("Verifying the preserved source ip") - gomega.Expect(sourceIP).To(gomega.Equal(execPodIP)) + gomega.Expect(sourceIP).To(gomega.Equal(execPodIP), + "expected preserved source IP is %s, if not, please check whether the internal pod traffic is masqueraded", + sourceIP) } })