mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-03 09:22:44 +00:00
Cleanup firewalls, add nginx ingress to presubmit
This commit is contained in:
bprashanth
parent
5e44666fc1
commit
f609546b34
@ -421,7 +421,7 @@ func (j *federationTestJig) waitForFederatedIngress() {
|
||||
for _, p := range rules.IngressRuleValue.HTTP.Paths {
|
||||
route := fmt.Sprintf("%v://%v%v", proto, address, p.Path)
|
||||
framework.Logf("Testing route %v host %v with simple GET", route, rules.Host)
|
||||
ExpectNoError(pollURL(route, rules.Host, lbPollTimeout, timeoutClient, false))
|
||||
ExpectNoError(pollURL(route, rules.Host, lbPollTimeout, lbPollInterval, timeoutClient, false))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -55,7 +55,7 @@ const (
|
||||
nameLenLimit = 62
|
||||
)
|
||||
|
||||
var _ = framework.KubeDescribe("Loadbalancing: L7 [Feature:Ingress]", func() {
|
||||
var _ = framework.KubeDescribe("Loadbalancing: L7", func() {
|
||||
defer GinkgoRecover()
|
||||
var (
|
||||
ns string
|
||||
@ -130,10 +130,10 @@ var _ = framework.KubeDescribe("Loadbalancing: L7 [Feature:Ingress]", func() {
|
||||
|
||||
By("waiting for Ingress to come up with ip: " + ip)
|
||||
httpClient := buildInsecureClient(reqTimeout)
|
||||
ExpectNoError(pollURL(fmt.Sprintf("https://%v/", ip), "", lbPollTimeout, httpClient, false))
|
||||
ExpectNoError(pollURL(fmt.Sprintf("https://%v/", ip), "", lbPollTimeout, jig.pollInterval, httpClient, false))
|
||||
|
||||
By("should reject HTTP traffic")
|
||||
ExpectNoError(pollURL(fmt.Sprintf("http://%v/", ip), "", lbPollTimeout, httpClient, true))
|
||||
ExpectNoError(pollURL(fmt.Sprintf("http://%v/", ip), "", lbPollTimeout, jig.pollInterval, httpClient, true))
|
||||
|
||||
// TODO: uncomment the restart test once we have a way to synchronize
|
||||
// and know that the controller has resumed watching. If we delete
|
||||
@ -151,7 +151,7 @@ var _ = framework.KubeDescribe("Loadbalancing: L7 [Feature:Ingress]", func() {
|
||||
})
|
||||
|
||||
// Time: borderline 5m, slow by design
|
||||
framework.KubeDescribe("Nginx [Slow]", func() {
|
||||
framework.KubeDescribe("Nginx", func() {
|
||||
var nginxController *NginxIngressController
|
||||
|
||||
BeforeEach(func() {
|
||||
@ -188,6 +188,9 @@ var _ = framework.KubeDescribe("Loadbalancing: L7 [Feature:Ingress]", func() {
|
||||
})
|
||||
|
||||
It("should conform to Ingress spec", func() {
|
||||
// Poll more frequently to reduce e2e completion time.
|
||||
// This test runs in presubmit.
|
||||
jig.pollInterval = 5 * time.Second
|
||||
conformanceTests = createComformanceTests(jig, ns)
|
||||
for _, t := range conformanceTests {
|
||||
By(t.entryLog)
|
||||
|
||||
@ -90,6 +90,9 @@ type testJig struct {
|
||||
// `kubernetes.io/ingress.class`. It's added to all ingresses created by
|
||||
// this jig.
|
||||
class string
|
||||
|
||||
// The interval used to poll urls
|
||||
pollInterval time.Duration
|
||||
}
|
||||
|
||||
type conformanceTests struct {
|
||||
@ -170,7 +173,7 @@ func createComformanceTests(jig *testJig, ns string) []conformanceTests {
|
||||
})
|
||||
By("Checking that " + pathToFail + " is not exposed by polling for failure")
|
||||
route := fmt.Sprintf("http://%v%v", jig.address, pathToFail)
|
||||
ExpectNoError(pollURL(route, updateURLMapHost, lbCleanupTimeout, &http.Client{Timeout: reqTimeout}, true))
|
||||
ExpectNoError(pollURL(route, updateURLMapHost, lbCleanupTimeout, jig.pollInterval, &http.Client{Timeout: reqTimeout}, true))
|
||||
},
|
||||
fmt.Sprintf("Waiting for path updates to reflect in L7"),
|
||||
},
|
||||
@ -179,9 +182,9 @@ func createComformanceTests(jig *testJig, ns string) []conformanceTests {
|
||||
|
||||
// pollURL polls till the url responds with a healthy http code. If
|
||||
// expectUnreachable is true, it breaks on first non-healthy http code instead.
|
||||
func pollURL(route, host string, timeout time.Duration, httpClient *http.Client, expectUnreachable bool) error {
|
||||
func pollURL(route, host string, timeout time.Duration, interval time.Duration, httpClient *http.Client, expectUnreachable bool) error {
|
||||
var lastBody string
|
||||
pollErr := wait.PollImmediate(lbPollInterval, timeout, func() (bool, error) {
|
||||
pollErr := wait.PollImmediate(interval, timeout, func() (bool, error) {
|
||||
var err error
|
||||
lastBody, err = simpleGET(httpClient, route, host)
|
||||
if err != nil {
|
||||
@ -596,19 +599,18 @@ func (cont *GCEIngressController) canDelete(resourceName, creationTimestamp stri
|
||||
}
|
||||
|
||||
func (cont *GCEIngressController) deleteFirewallRule(del bool) (msg string) {
|
||||
gceCloud := cont.cloud.Provider.(*gcecloud.GCECloud)
|
||||
fwName := fmt.Sprintf("k8s-fw-l7--%v", cont.UID)
|
||||
fw, err := gceCloud.GetFirewall(fwName)
|
||||
if err != nil {
|
||||
if cont.isHTTPErrorCode(err, http.StatusNotFound) {
|
||||
return msg
|
||||
}
|
||||
return fmt.Sprintf("Failed to get fw %v: %v", fwName, err)
|
||||
}
|
||||
msg = fmt.Sprintf("%v (firewall-rule)\n", fw.Name)
|
||||
if del {
|
||||
if err := gceCloud.DeleteFirewall(fw.Name); err != nil && cont.isHTTPErrorCode(err, http.StatusNotFound) {
|
||||
msg += fmt.Sprintf("Failed to delete %v: %v\n", fw.Name, err)
|
||||
fwList := []compute.Firewall{}
|
||||
regex := fmt.Sprintf("%vfw-l7%v.*", k8sPrefix, clusterDelimiter)
|
||||
gcloudList("firewall-rules", regex, cont.cloud.ProjectID, &fwList)
|
||||
if len(fwList) != 0 {
|
||||
for _, f := range fwList {
|
||||
if !cont.canDelete(f.Name, f.CreationTimestamp, del) {
|
||||
continue
|
||||
}
|
||||
msg += fmt.Sprintf("%v (firewall rule)\n", f.Name)
|
||||
if del {
|
||||
gcloudDelete("firewall-rules", f.Name, cont.cloud.ProjectID)
|
||||
}
|
||||
}
|
||||
}
|
||||
return msg
|
||||
@ -833,7 +835,7 @@ func (j *testJig) waitForIngress() {
|
||||
j.curlServiceNodePort(j.ing.Namespace, p.Backend.ServiceName, int(p.Backend.ServicePort.IntVal))
|
||||
route := fmt.Sprintf("%v://%v%v", proto, address, p.Path)
|
||||
framework.Logf("Testing route %v host %v with simple GET", route, rules.Host)
|
||||
ExpectNoError(pollURL(route, rules.Host, lbPollTimeout, timeoutClient, false))
|
||||
ExpectNoError(pollURL(route, rules.Host, lbPollTimeout, j.pollInterval, timeoutClient, false))
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -857,7 +859,7 @@ func (j *testJig) curlServiceNodePort(ns, name string, port int) {
|
||||
// TODO: Curl all nodes?
|
||||
u, err := framework.GetNodePortURL(j.client, ns, name, port)
|
||||
ExpectNoError(err)
|
||||
ExpectNoError(pollURL(u, "", 30*time.Second, &http.Client{Timeout: reqTimeout}, false))
|
||||
ExpectNoError(pollURL(u, "", 30*time.Second, j.pollInterval, &http.Client{Timeout: reqTimeout}, false))
|
||||
}
|
||||
|
||||
// ingFromManifest reads a .json/yaml file and returns the rc in it.
|
||||
@ -911,7 +913,7 @@ type GCEIngressController struct {
|
||||
}
|
||||
|
||||
func newTestJig(c clientset.Interface) *testJig {
|
||||
return &testJig{client: c, rootCAs: map[string][]byte{}}
|
||||
return &testJig{client: c, rootCAs: map[string][]byte{}, pollInterval: lbPollInterval}
|
||||
}
|
||||
|
||||
// NginxIngressController manages implementation details of Ingress on Nginx.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user