networking.go

Documentation: k8s.io/kubernetes/test/e2e/common/network

     1  /*
     2  Copyright 2016 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package network
    18  
    19  import (
    20  	"context"
    21  
    22  	"github.com/onsi/ginkgo/v2"
    23  	v1 "k8s.io/api/core/v1"
    24  	"k8s.io/apimachinery/pkg/util/sets"
    25  	"k8s.io/kubernetes/test/e2e/feature"
    26  	"k8s.io/kubernetes/test/e2e/framework"
    27  	e2enetwork "k8s.io/kubernetes/test/e2e/framework/network"
    28  	admissionapi "k8s.io/pod-security-admission/api"
    29  )
    30  
    31  var _ = SIGDescribe("Networking", func() {
    32  	f := framework.NewDefaultFramework("pod-network-test")
    33  	f.NamespacePodSecurityLevel = admissionapi.LevelPrivileged
    34  
    35  	ginkgo.Describe("Granular Checks: Pods", func() {
    36  
    37  		checkPodToPodConnectivity := func(ctx context.Context, config *e2enetwork.NetworkingTestConfig, protocol string, port int) {
    38  			// breadth first poll to quickly estimate failure.
    39  			failedPodsByHost := map[string][]*v1.Pod{}
    40  			// First time, we'll quickly try all pods, breadth first.
    41  			for _, endpointPod := range config.EndpointPods {
    42  				framework.Logf("Breadth first check of %v on host %v...", endpointPod.Status.PodIP, endpointPod.Status.HostIP)
    43  				if err := config.DialFromTestContainer(ctx, protocol, endpointPod.Status.PodIP, port, 1, 0, sets.NewString(endpointPod.Name)); err != nil {
    44  					if _, ok := failedPodsByHost[endpointPod.Status.HostIP]; !ok {
    45  						failedPodsByHost[endpointPod.Status.HostIP] = []*v1.Pod{}
    46  					}
    47  					failedPodsByHost[endpointPod.Status.HostIP] = append(failedPodsByHost[endpointPod.Status.HostIP], endpointPod)
    48  					framework.Logf("...failed...will try again in next pass")
    49  				}
    50  			}
    51  			errors := []error{}
    52  			// Second time, we pass through pods more carefully...
    53  			framework.Logf("Going to retry %v out of %v pods....", len(failedPodsByHost), len(config.EndpointPods))
    54  			for host, failedPods := range failedPodsByHost {
    55  				framework.Logf("Doublechecking %v pods in host %v which weren't seen the first time.", len(failedPods), host)
    56  				for _, endpointPod := range failedPods {
    57  					framework.Logf("Now attempting to probe pod [[[ %v ]]]", endpointPod.Status.PodIP)
    58  					if err := config.DialFromTestContainer(ctx, protocol, endpointPod.Status.PodIP, port, config.MaxTries, 0, sets.NewString(endpointPod.Name)); err != nil {
    59  						errors = append(errors, err)
    60  					} else {
    61  						framework.Logf("Was able to reach %v on %v ", endpointPod.Status.PodIP, endpointPod.Status.HostIP)
    62  					}
    63  					framework.Logf("... Done probing pod [[[ %v ]]]", endpointPod.Status.PodIP)
    64  				}
    65  				framework.Logf("succeeded at polling %v out of %v connections", len(config.EndpointPods)-len(errors), len(config.EndpointPods))
    66  			}
    67  			if len(errors) > 0 {
    68  				framework.Logf("pod polling failure summary:")
    69  				for _, e := range errors {
    70  					framework.Logf("Collected error: %v", e)
    71  				}
    72  				framework.Failf("failed,  %v out of %v connections failed", len(errors), len(config.EndpointPods))
    73  			}
    74  		}
    75  
    76  		// Try to hit all endpoints through a test container, retry 5 times,
    77  		// expect exactly one unique hostname. Each of these endpoints reports
    78  		// its own hostname.
    79  		/*
    80  			Release: v1.9, v1.18
    81  			Testname: Networking, intra pod http
    82  			Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
    83  			The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
    84  		*/
    85  		framework.ConformanceIt("should function for intra-pod communication: http", f.WithNodeConformance(), func(ctx context.Context) {
    86  			config := e2enetwork.NewCoreNetworkingTestConfig(ctx, f, false)
    87  			checkPodToPodConnectivity(ctx, config, "http", e2enetwork.EndpointHTTPPort)
    88  		})
    89  
    90  		/*
    91  			Release: v1.9, v1.18
    92  			Testname: Networking, intra pod udp
    93  			Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
    94  			The kubectl exec on the webserver container MUST reach a udp port on the each of service proxy endpoints in the cluster and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
    95  		*/
    96  		framework.ConformanceIt("should function for intra-pod communication: udp", f.WithNodeConformance(), func(ctx context.Context) {
    97  			config := e2enetwork.NewCoreNetworkingTestConfig(ctx, f, false)
    98  			checkPodToPodConnectivity(ctx, config, "udp", e2enetwork.EndpointUDPPort)
    99  		})
   100  
   101  		/*
   102  			Release: v1.9
   103  			Testname: Networking, intra pod http, from node
   104  			Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
   105  			The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster using a http post(protocol=tcp)  and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
   106  			This test is marked LinuxOnly it breaks when using Overlay networking with Windows.
   107  		*/
   108  		framework.ConformanceIt("should function for node-pod communication: http [LinuxOnly]", f.WithNodeConformance(), func(ctx context.Context) {
   109  			config := e2enetwork.NewCoreNetworkingTestConfig(ctx, f, true)
   110  			for _, endpointPod := range config.EndpointPods {
   111  				err := config.DialFromNode(ctx, "http", endpointPod.Status.PodIP, e2enetwork.EndpointHTTPPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
   112  				if err != nil {
   113  					framework.Failf("Error dialing HTTP node to pod %v", err)
   114  				}
   115  			}
   116  		})
   117  
   118  		/*
   119  			Release: v1.9
   120  			Testname: Networking, intra pod http, from node
   121  			Description: Create a hostexec pod that is capable of curl to netcat commands. Create a test Pod that will act as a webserver front end exposing ports 8080 for tcp and 8081 for udp. The netserver service proxies are created on specified number of nodes.
   122  			The kubectl exec on the webserver container MUST reach a http port on the each of service proxy endpoints in the cluster using a http post(protocol=udp)  and the request MUST be successful. Container will execute curl command to reach the service port within specified max retry limit and MUST result in reporting unique hostnames.
   123  			This test is marked LinuxOnly it breaks when using Overlay networking with Windows.
   124  		*/
   125  		framework.ConformanceIt("should function for node-pod communication: udp [LinuxOnly]", f.WithNodeConformance(), func(ctx context.Context) {
   126  			config := e2enetwork.NewCoreNetworkingTestConfig(ctx, f, true)
   127  			for _, endpointPod := range config.EndpointPods {
   128  				err := config.DialFromNode(ctx, "udp", endpointPod.Status.PodIP, e2enetwork.EndpointUDPPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
   129  				if err != nil {
   130  					framework.Failf("Error dialing UDP from node to pod: %v", err)
   131  				}
   132  			}
   133  		})
   134  
   135  		f.It("should function for intra-pod communication: sctp [LinuxOnly]", feature.SCTPConnectivity, func(ctx context.Context) {
   136  			config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.EnableSCTP)
   137  			checkPodToPodConnectivity(ctx, config, "sctp", e2enetwork.EndpointSCTPPort)
   138  		})
   139  
   140  		f.It("should function for node-pod communication: sctp [LinuxOnly]", feature.SCTPConnectivity, func(ctx context.Context) {
   141  			ginkgo.Skip("Skipping SCTP node to pod test until DialFromNode supports SCTP #96482")
   142  			config := e2enetwork.NewNetworkingTestConfig(ctx, f, e2enetwork.EnableSCTP)
   143  			for _, endpointPod := range config.EndpointPods {
   144  				err := config.DialFromNode(ctx, "sctp", endpointPod.Status.PodIP, e2enetwork.EndpointSCTPPort, config.MaxTries, 0, sets.NewString(endpointPod.Name))
   145  				if err != nil {
   146  					framework.Failf("Error dialing SCTP from node to pod: %v", err)
   147  				}
   148  			}
   149  		})
   150  
   151  	})
   152  })
   153
View as plain text