e2e: split test into kubeup & generic tests

The "should have correct firewall rules for e2e cluster" test is GCE specific, and likely specific to the kube-up configuration. However, the second half of the test is a generic behaviour based test that verifies that ports are not reachable. We can split this into two tests, with an eye to running the generic test in more places.
2025-08-06 10:43:56 +00:00 · 2021-01-09 09:10:05 -05:00 · 2021-01-09 09:10:05 -05:00 · ae26042e1a
commit ae26042e1a
parent 67541a1bcc
1 changed files with 5 additions and 3 deletions
--- a/test/e2e/network/firewall.go
+++ b/test/e2e/network/firewall.go
@ -201,9 +201,6 @@ var _ = SIGDescribe("Firewall rule", func() {
 	})

 	ginkgo.It("should have correct firewall rules for e2e cluster", func() {
-		nodes, err := e2enode.GetReadySchedulableNodes(cs)
-		framework.ExpectNoError(err)
-
 		ginkgo.By("Checking if e2e firewall rules are correct")
 		for _, expFw := range gce.GetE2eFirewalls(cloudConfig.MasterName, cloudConfig.MasterTag, cloudConfig.NodeTag, cloudConfig.Network, cloudConfig.ClusterIPRange) {
 			fw, err := gceCloud.GetFirewall(expFw.Name)
@ -211,6 +208,11 @@ var _ = SIGDescribe("Firewall rule", func() {
 			err = gce.VerifyFirewallRule(fw, expFw, cloudConfig.Network, false)
 			framework.ExpectNoError(err)
 		}
+	})
+
+	ginkgo.It("control plane should not expose well-known ports", func() {
+		nodes, err := e2enode.GetReadySchedulableNodes(cs)
+		framework.ExpectNoError(err)

 		ginkgo.By("Checking well known ports on master and nodes are not exposed externally")
 		nodeAddr := e2enode.FirstAddress(nodes, v1.NodeExternalIP)