github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-29 14:37:00 +00:00
Code Issues Projects Releases Wiki Activity

e2e/network/firewall: don't assume nodes are exposed externally

Browse Source 
If no nodes have NodeExternalIP addresses, then clearly none of the
services are exposed externally, and the test should succeed.
Seen in OpenShift CI.
This commit is contained in:
Dan Williams 2021-04-26 10:23:43 -05:00
parent 2b54418d66
commit f86ddbea70
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
test/e2e/network/firewall.go
View File

@ -218,8 +218,10 @@ var _ = common.SIGDescribe("Firewall rule", func() {
ginkgo.By("Checking well known ports on master and nodes are not exposed externally")
nodeAddr := e2enode.FirstAddress(nodes, v1.NodeExternalIP)
if nodeAddr == "" {
framework.Failf("did not find any node addresses")
if nodeAddr != "" {
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletReadOnlyPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.ProxyStatusPort, firewallTestTCPTimeout, false)
}
controlPlaneAddresses := framework.GetControlPlaneAddresses(cs)
@ -227,9 +229,6 @@ var _ = common.SIGDescribe("Firewall rule", func() {
assertNotReachableHTTPTimeout(instanceAddress, "/healthz", ports.KubeControllerManagerPort, firewallTestTCPTimeout, true)
assertNotReachableHTTPTimeout(instanceAddress, "/healthz", kubeschedulerconfig.DefaultKubeSchedulerPort, firewallTestTCPTimeout, true)
}
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.KubeletReadOnlyPort, firewallTestTCPTimeout, false)
assertNotReachableHTTPTimeout(nodeAddr, "/", ports.ProxyStatusPort, firewallTestTCPTimeout, false)
})
})