From a0ca1fd63fb9cb2be9d19f406886e04fece735aa Mon Sep 17 00:00:00 2001
From: Federico Paolinelli
Date: Mon, 8 Feb 2021 14:54:06 +0100
Subject: [PATCH 1/3] Network Tests: bind host network udp listeners to hostIPs
When listening on udp, the reply is sent using a src address which is the address of the gateway interface. This means that when listening to any, the reply can be sent out with a src ip which is different from the request's target ip. This confuses natting and "connectionful" udp services do not work. Here, we force the endpoint to listen from the hostIP and from podIPs, to cover both dual stack and legacy clusters.
Signed-off-by: Federico Paolinelli
---
 test/e2e/framework/network/utils.go | 39 +++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/test/e2e/framework/network/utils.go b/test/e2e/framework/network/utils.go
index e22160abe11..9e61470a5e4 100644
--- a/test/e2e/framework/network/utils.go
+++ b/test/e2e/framework/network/utils.go
@@ -540,6 +540,18 @@ func (config *NetworkingTestConfig) executeCurlCmd(cmd string, expected string)
 }
 func (config *NetworkingTestConfig) createNetShellPodSpec(podName, hostname string) *v1.Pod {
+ netexecArgs := []string{
+ "netexec",
+ fmt.Sprintf("--http-port=%d", EndpointHTTPPort),
+ fmt.Sprintf("--udp-port=%d", EndpointUDPPort),
+ }
+ // In case of hostnetwork endpoints, we want to bind the udp listener to specific ip addresses.
+ // In order to cover legacy AND dualstack, we pass both the host ip and the two pod ips. Agnhost
+ // removes duplicates and so this will listen on both addresses (or on the single existing one).
+ if config.EndpointsHostNetwork {
+ netexecArgs = append(netexecArgs, "--udp-listen-addresses=$(HOST_IP),$(POD_IPS)")
+ }
+
 probe := &v1.Probe{
 InitialDelaySeconds: 10,
 TimeoutSeconds: 30,
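Review bot: The `--udp-listen-addresses=$(HOST_IP),$(POD_IPS)` argument only resolves if the container defines both variables, and they are set by a second `if config.EndpointsHostNetwork` block at the end of createNetShellPodSpec (the `@@ -602,6 +610,27 @@` hunk). If the two conditions ever drift apart, Kubernetes leaves an unresolved `$(VAR)` reference unchanged and the listener is handed the literal string. I would extend the comment here with `// HOST_IP and POD_IPS are injected through the downward API at the end of this function, under the same condition.`, or build the args and the env in one block. Only the UDP listener is narrowed: `--http-port` is passed without a bind address, so on a host-network pod the HTTP endpoint presumably still listens on every node address. The function body continues outside this hunk.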
@@ -568,11 +580,7 @@ func (config *NetworkingTestConfig) createNetShellPodSpec(podName, hostname stri
 Name: "webserver",
 Image: NetexecImageName,
 ImagePullPolicy: v1.PullIfNotPresent,
- Args: []string{
- "netexec",
- fmt.Sprintf("--http-port=%d", EndpointHTTPPort),
- fmt.Sprintf("--udp-port=%d", EndpointUDPPort),
- },
+ Args: netexecArgs,
 Ports: []v1.ContainerPort{
 {
 Name: "http",
@@ -602,6 +610,27 @@ func (config *NetworkingTestConfig) createNetShellPodSpec(podName, hostname stri
 Protocol: v1.ProtocolSCTP,
 })
 }
+
+ if config.EndpointsHostNetwork {
+ pod.Spec.Containers[0].Env = []v1.EnvVar{
+ {
+ Name: "HOST_IP",
+ ValueFrom: &v1.EnvVarSource{
+ FieldRef: &v1.ObjectFieldSelector{
+ FieldPath: "status.hostIP",
+ },
+ },
+ },
+ {
+ Name: "POD_IPS",
+ ValueFrom: &v1.EnvVarSource{
+ FieldRef: &v1.ObjectFieldSelector{
+ FieldPath: "status.podIPs",
+ },
+ },
+ },
+ }
+ }
 return pod
 }
From fa963f55ae7afcdf5f0e24c534da04b4ed9ab3d8 Mon Sep 17 00:00:00 2001
From: Federico Paolinelli
Date: Tue, 9 Feb 2021 11:55:24 +0100
Subject: [PATCH 2/3] Un-skip the hostnetwork udp endpoint test.
Since the test is being fixed, we can run the test.
Signed-off-by: Federico Paolinelli
---
 test/e2e/network/networking.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/test/e2e/network/networking.go b/test/e2e/network/networking.go
index c1d8af47e53..db109100e57 100644
--- a/test/e2e/network/networking.go
+++ b/test/e2e/network/networking.go
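Review bot: In test/e2e/framework/network/utils.go, hunk `@@ -602,6 +610,27 @@`, the assignment `pod.Spec.Containers[0].Env = []v1.EnvVar{` replaces whatever Env the container already carries instead of adding to it. The pod literal built earlier in createNetShellPodSpec is only partly visible in this patch, so this is safe only as long as that literal sets no Env of its own. Holding the two entries in a local slice and writing `pod.Spec.Containers[0].Env = append(pod.Spec.Containers[0].Env, hostNetworkEnv...)` keeps the block correct if a variable is later added to the container spec. The hard-coded index 0 also relies on "webserver" remaining the first container, which deserves a one-line comment. The function starts outside this hunk.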
@@ -468,10 +468,7 @@ var _ = common.SIGDescribe("Networking", func() {
 }
 })
- // skip because pods can not reach the endpoint in the same host if using UDP and hostNetwork
- // xref: #95565
 ginkgo.It("should function for pod-Service(hostNetwork): udp", func() {
- e2eskipper.Skipf("skip because pods can not reach the endpoint in the same host if using UDP and hostNetwork #95565")
 config := e2enetwork.NewNetworkingTestConfig(f, e2enetwork.EndpointsUseHostNetwork)
 ginkgo.By(fmt.Sprintf("dialing(udp) %v --> %v:%v (config.clusterIP)", config.TestContainerPod.Name, config.ClusterIP, e2enetwork.ClusterUDPPort))
 err := config.DialFromTestContainer("udp", config.ClusterIP, e2enetwork.ClusterUDPPort, config.MaxTries, 0, config.EndpointHostnames())
From b69bc865b4ed7506c648d501704a54c72470755b Mon Sep 17 00:00:00 2001
From: Federico Paolinelli
Date: Tue, 9 Mar 2021 11:54:44 +0100
Subject: [PATCH 3/3] Bump up the agnhost version used
This is needed to consume the changes in https://github.com/kubernetes/kubernetes/pull/98883
Signed-off-by: Federico Paolinelli
---
 build/dependencies.yaml | 2 +-
 test/utils/image/manifest.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/build/dependencies.yaml b/build/dependencies.yaml
index 43d3e8a8999..3ca0eca455b 100644
--- a/build/dependencies.yaml
+++ b/build/dependencies.yaml
@@ -27,7 +27,7 @@ dependencies:
 # then after merge and successful postsubmit image push / promotion, bump this
 - name: "agnhost: dependents"
- version: "2.28"
+ version: "2.29"
 refPaths:
 - path: test/utils/image/manifest.go
 match: configs\[Agnhost\] = Config{promoterE2eRegistry, "agnhost", "\d+\.\d+"}
diff --git a/test/utils/image/manifest.go b/test/utils/image/manifest.go
index c29489475ad..a107ef6c276 100644
--- a/test/utils/image/manifest.go
+++ b/test/utils/image/manifest.go
@@ -216,7 +216,7 @@ const (
 func initImageConfigs() (map[int]Config, map[int]Config) {
 configs := map[int]Config{}
- configs[Agnhost] = Config{promoterE2eRegistry, "agnhost", "2.28"}
+ configs[Agnhost] = Config{promoterE2eRegistry, "agnhost", "2.29"}
 configs[AgnhostPrivate] = Config{PrivateRegistry, "agnhost", "2.6"}
 configs[AuthenticatedAlpine] = Config{gcAuthenticatedRegistry, "alpine", "3.7"}
 configs[AuthenticatedWindowsNanoServer] = Config{gcAuthenticatedRegistry, "windows-nanoserver", "v1"}