Fix allowed-ip-ranges for IPv6 test scenario

kubernetes-sigs · Nov 20, 2023 · e049ec4 · e049ec4
1 parent e27297f
commit e049ec4
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/pkg/consts/consts.go b/pkg/consts/consts.go
@@ -283,6 +283,8 @@ const (
 	ServiceAnnotationAllowedServiceTags = "service.beta.kubernetes.io/azure-allowed-service-tags"
 
 	// ServiceAnnotationAllowedIPRanges is the annotation used on the service
+	// to specify a list of allowed IP Ranges separated by comma.
+	// It is compatible with both IPv4 and IPV6 CIDR formats.
 	ServiceAnnotationAllowedIPRanges = "service.beta.kubernetes.io/azure-allowed-ip-ranges"
 
 	// ServiceAnnotationDenyAllExceptLoadBalancerSourceRanges  denies all traffic to the load balancer except those

diff --git a/tests/e2e/network/network_security_group.go b/tests/e2e/network/network_security_group.go
@@ -392,9 +392,20 @@ var _ = Describe("Network security group", Label(utils.TestSuiteLabelNSG), func(
 			return true
 		}
 
-		allowedIPRanges := []string{
-			"10.20.0.0/16",
-			"192.168.0.1/32",
+		var allowedIPRanges []string
+
+		v4Enabled, v6Enabled := utils.IfIPFamiliesEnabled(tc.IPFamily)
+		if v4Enabled {
+			allowedIPRanges = append(allowedIPRanges,
+				"10.20.0.0/16",
+				"192.168.0.1/32",
+			)
+		}
+		if v6Enabled {
+			allowedIPRanges = append(allowedIPRanges,
+				"2c0f:fe40:8000::/48",
+				"2c0f:feb0::/43",
+			)
 		}
 
 		ipFamilyPolicy := v1.IPFamilyPolicyPreferDualStack