Merge pull request #126110 from chengjoey/docs/e2e-pod-traffic

add some notes for e2e preserve source pod ip test
2025-07-31 23:37:01 +00:00 · 2024-07-16 09:20:57 -07:00 · 2024-07-16 09:20:57 -07:00 · 7e1cfca8af
commit 7e1cfca8af
parent 130414950f 47133919e7
1 changed files with 6 additions and 1 deletions
--- a/test/e2e/network/service.go
+++ b/test/e2e/network/service.go
@ -986,6 +986,9 @@ var _ = common.SIGDescribe("Services", func() {
 		framework.ExpectNoError(err)
 	})

+	// NOTE: base on fundamental requirement of the kubernetes networking model(https://kubernetes.io/docs/concepts/services-networking/)
+	// pods can communicate with all other pods on any other node without NAT
+	// we should avoid masquerading the internal Pod traffic, detail see #126089
 	ginkgo.It("should preserve source pod IP for traffic thru service cluster IP [LinuxOnly]", func(ctx context.Context) {
 		// this test is creating a pod with HostNetwork=true, which is not supported on Windows.
 		e2eskipper.SkipIfNodeOSDistroIs("windows")
@ -1055,7 +1058,9 @@ var _ = common.SIGDescribe("Services", func() {
 		for _, pausePod := range pausePods.Items {
 			sourceIP, execPodIP := execSourceIPTest(pausePod, serviceAddress)
 			ginkgo.By("Verifying the preserved source ip")
-			gomega.Expect(sourceIP).To(gomega.Equal(execPodIP))
+			gomega.Expect(sourceIP).To(gomega.Equal(execPodIP),
+				"expected preserved source IP is %s, if not, please check whether the internal pod traffic is masqueraded",
+				sourceIP)
 		}
 	})