Due to a rebase glitch the fmt.Sprintf() was lost.
This patches restores it improving the logs readability.
Signed-off-by: Francesco Romani <fromani@redhat.com>
CRUD operations are the extent of conformance testing that we can add
for NetworkPolicy tests since we require a 3rd party plugin like CNI
for enforcement.
Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Adds Windows support for most of the images.
Adds a README explaining the image building process, including the
Windows Container image building process.
This PR removes a TODO comment by adding some netmask tests. The TODO comment
introduced by commit e768924a62 "validate entry in ipset".
// TODO: CIDR /32 may not be valid
The comment says that 32 is invalid netmask, but in reality values from 0 to
32 are valid because the result of the Linux ipset command says so.
$ sudo ipset create foo hash:ip,port,net
$ sudo ipset add foo 10.20.30.40,53,192.168.3.1/33
ipset v7.5: Syntax error: '33' is out of range 0-32
$ sudo ipset --version
ipset v7.5, protocol version: 7
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
In #56164, we had split the reject rules for non-ep existing services
into KUBE-EXTERNAL-SERVICES chain in order to avoid calling KUBE-SERVICES
from INPUT. However in #74394 KUBE-SERVICES was re-added into INPUT.
As noted in #56164, kernel is sensitive to the size of INPUT chain. This
patch refrains from calling the KUBE-SERVICES chain from INPUT and FORWARD,
instead adds the lb reject rule to the KUBE-EXTERNAL-SERVICES chain which will be
called from INPUT and FORWARD.
A previous commit added a few agnhost related functions that creates agnhost
pods / containers for general purposes.
Refactors tests to use those functions.
The CreateSync method includes the waiting for the pod to become running
and returns a fresh new pod instance.
In addition, errors are asserted in the method.
Therefore, there is no need for the callers to repeat these operations.
Some, like the error assertions, will never be reached in case they
occur as they will explode from within the method itself.
Signed-off-by: Edward Haas <edwardh@redhat.com>
I've observed this test occasionally failing due to 403 errors. I think there's something racing within apiserver w/ respect to RBAC and that if this test were more patient, then it would not flake this way.
Currently, if users try to use external diff command with arguments
will fail because the entire command won't be available through $PATH.
This patch allow users to use external diff tools with args (or not)
via KUBECTL_EXTERNAL_DIFF env.
Reference: https://github.com/kubernetes/kubectl/issues/937
Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
The unit test for controlplane produces a warning caused by using deprecated default cluster IPs.
make test WHAT=./pkg/controlplane GOFLAGS=-v
W1015 07:42:59.203836 111754 services.go:37] No CIDR for service cluster IPs specified. Default value which was 10.0.0.0/24 is deprecated and will be removed in future releases. Please specify it using --service-cluster-ip-range on kube-apiserver.
This warning appears in six tests, TestValidOpenAPISpec, TestLegacyRestStorageStrategies, TestCertificatesRestStorageStrategies, TestVersion, TestAPIVersionOfDiscoveryEndpoints, TestStorageVersionHashes and TestStorageVersionHashEqualities.
This patch fixes the warning by passing ServiceIPRange.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
- Due to performance issues, service controller updates are slow
in large clusters, causing failing tests. Tag can be removed once
performance issues are resolved
