e2e/loadbalancer: added hairpin connection cases #1161
Conversation
k8s-ci-robot
added
release-note-none
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
needs-triage
|
This issue is currently awaiting triage. If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @mtulio. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/L
mtulio
changed the title
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
CI infra issue. /test pull-cloud-provider-aws-e2e |
mtulio
force-pushed
the
e2e-hairpin
branch
2 times, most recently
from
a623f3d to
5099f7f
Compare
|
I am observing a permanent failure on CI when launching the cluster trying to use an image that is no longer available: Hi @kmala @elmiko, do you know if is this comes from the test framework or is it possible to use a valid image in CCM repo? |
Implementing the hairpin connection test cases, and exposing an issue on NLB with internal scheme which fails when the client is trying to access a service loadbalancer which is hosted in the same node. The hairpin connection is caused by the client IP preservation attribute is set to true (default), and the service does not provide an interface to prevent the issue. The e2e is expecting to pass to prevent permanent failures in CI, but it is tracked by an issue kubernetes#1160.
|
An issue has been opened to track the CI problem: #1167 |
|
looks like pull-cloud-provider-aws-e2e is running (and stuck) in the last 48h. Just stopped it and trying to run again: /test pull-cloud-provider-aws-e2e |
|
/test pull-cloud-provider-aws-e2e-kubetest2 |
|
Looks like #1167 has been resolved. I manually stopped the running job (42h+); Triggering it again: /test pull-cloud-provider-aws-e2e |
What type of PR is this?
/kind bug
/kind failing-test
What this PR does / why we need it:
Implementing the hairpin connection test cases, and exposing an issue on NLB with internal scheme which fails when the client is trying to access a service loadbalancer which is hosted in the same node.
The hairpin connection is caused by the client IP preservation attribute is set to true (default), and the service does not provide an interface to prevent the issue.
The e2e is expecting to pass to prevent permanent failures in CI, but it is tracked by an issue #1160.
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer:
Those tests are important to increase coverage of scenarios that CCM declares as supported.
I also believe we can remove the hairpin with scheme internet-facing (public) LBs because the source IPs would be traversing a VPC gateway (IGW/NGW) and masquerade the real source, not reproducing the problem we are trying to expose in #1160. Thoughts?
Does this PR introduce a user-facing change?: