The NetworkPolicy tests work by trying to connect to a service by its
name, which means that for the tests that involved creating egress
policies, it had to always create an extra rule allowing egress for
DNS, but this assumed that DNS was running on UDP port 53. If it was
running somewhere else (eg if you changed the CoreDNS pods to use port
5353 to avoid needing to give them the NET_BIND_SERVICE capability)
then the NetworkPolicy tests would fail.
Fix this by making the tests connect to their services by IP rather
than by name, and removing all the DNS special-case rules. There are
other tests that ensure that Service DNS works.
Fix stupid golang loop variable closure thing.
Also, if we fail to initially set up the rules for one family, don't
try to set up a canary. eg, on the CI hosts, the kernel ip6tables
modules are not loaded, so any attempt to call ip6tables will fail.
Just log those errors once at startup rather than once a minute.
Mitigate the shellcheck warning for the assignment of local variable.
Add rest of shellcheck fixes from #88349
Signed-off-by: Joakim Roubert <joakim.roubert@axis.com>
The integration test for pods produces a warning caused by using deprecated
default cluster IPs.
$ make test-integration WHAT=./test/integration/pods GOFLAGS="-v"
W1007 17:25:28.217410 100721 services.go:37] No CIDR for service cluster IPs specified. Default value which was 10.0.0.0/24 is deprecated and will be removed in future releases. Please specify it using --service-cluster-ip-range on kube-apiserver.
This warning appears 36 times after running all tests. This patch removes all
the warnings.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Clarify that `REMOTE_PORT` is interpreted as identifying a _Service_ port when provided `TYPE` is `service`.
Also, highlight support for specifying a named port as `REMOTE_PORT`.
Discussion is ongoing about how to best handle dual-stack with clouds
and autodetected IPs, but there is at least agreement that people on
bare metal ought to be able to specify two explicit IPs on dual-stack
hosts, so allow that.
Several of the tests in TestNodeAddress() were no-ops because the test
code was only testing that NodeAddresses() returned all of the
expected addresses, but not testing that it was returning them in the
correct order.
The order that NodeAddresses() returns addresses in is very important,
so fix the tests to actually test it.
One existing test ("NodeIP is external") had its expectedAddresses in
the wrong order, but it seems clear from the name of the test that
this isn't actually what it expected.
Also, previously testKubeletHostname was "127.0.0.1" which ended up
interacting weirdly with the IPv4-vs-IPv6 sorting code in a way that
made some of the test results confusing if you didn't realize that
testKubeletHostname was an IPv4 address. Fix that by making it an
actual hostname instead, which then preserves the expected sorting.
