e2e test cases for basic SCTP testing #88196
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
|
Hi @janosi. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
area/e2e-test-framework
|
/assign |
k8s-ci-robot
added
size/XL
janosi
changed the title
k8s-ci-robot
added
area/dependency
k8s-ci-robot
removed
the
needs-rebase
test/e2e/network/util.go
Outdated
| if err != nil { | ||
| framework.Logf("sctp module is not loaded or error occured while executing command %s on node: %v", cmd, err) | ||
| return false | ||
| } else { | ||
| framework.Logf("the sctp module is loaded on node: %v", node.Name) | ||
| return true | ||
| for _, line := range strings.Split(result, "\n") { |
There was a problem hiding this comment.
do this block needs to be inside the else?
it seems that if err != nil it will return so no need to use it
test/e2e/network/util.go
Outdated
| framework.Logf("the sctp module is loaded on node: %v", node.Name) | ||
| return true | ||
| for _, line := range strings.Split(result, "\n") { | ||
| if !strings.Contains(line, "xt_sctp") && !!strings.Contains(line, "nf_conntrack_proto_sctp") { |
There was a problem hiding this comment.
sorry if this is a dumb question but if I do execute in my host I have
linux-6my5:~ # lsmod | grep sctp
sctp_diag 16384 0
sctp 352256 39 sctp_diag
inet_diag 20480 4 raw_diag,tcp_diag,sctp_diag,udp_diag
libcrc32c 16384 5 ip_vs,nf_conntrack,xfs,nf_nat,sctp
is this if looking for a line that does not contain xt_sctp and nf_conntrack_proto_sctp?
There was a problem hiding this comment.
Well, that if tries to filter out those modules that are not harmful from userspace SCTP stack perspective. But the best would be to check if the sctp module is loaded or not.
There was a problem hiding this comment.
Coded a more sophisticated one with regex.
test/e2e/network/network_policy.go
Outdated
| @@ -1482,9 +1484,48 @@ var _ = SIGDescribe("NetworkPolicy [LinuxOnly]", func() { | |||
| }) | |||
| cleanupServerPodAndService(f, podA, serviceA) | |||
| }) | |||
| ginkgo.It("should allow acces only for SCTP on port 80 [Feature:NetworkPolicy] [Feature:SCTP]", func() { | |||
There was a problem hiding this comment.
typo "acces"
but this test name doesn't describe what the test is doing well.
"It should not allow access by TCP when a policy specifies only SCTP" or something like that
test/e2e/network/service.go
Outdated
| cs = f.ClientSet | ||
| }) | ||
|
|
||
| ginkgo.It("should serve a basic SCTP service with pod and endpoints", func() { |
There was a problem hiding this comment.
"serve" makes it sound like this is testing that network traffic actually works, which it is not
"should allow creating a basic SCTP service with pod and endpoints"
test/e2e/network/service.go
Outdated
| framework.ExpectNoError(err, "failed to delete service: %s in namespace: %s", serviceName, ns) | ||
| }() | ||
|
|
||
| err = framework.WaitForService(f.ClientSet, ns, serviceName, true, 5*time.Second, 45*time.Second) |
There was a problem hiding this comment.
meh. test cases shouldn't have hard-coded time values, they should use constants defined in e2e/framework... But the tests are kind of a mess and there are no obvious constants you could use here... I guess replace 45*time.Second with e2eservice.TestTimeout.
test/e2e/network/service.go
Outdated
| framework.ExpectNoError(err, "failed to delete service: %s in namespace: %s", serviceName, ns) | ||
| }() | ||
|
|
||
| err = framework.WaitForService(f.ClientSet, ns, serviceName, true, 5*time.Second, 45*time.Second) |
There was a problem hiding this comment.
e2eservice.TestTimeout again
test/e2e/network/service.go
Outdated
| framework.Failf("The state of the sctp module has changed due to the test case") | ||
| } | ||
| }) | ||
| ginkgo.It("should create a NodePort Service with SCTP ports", func() { |
There was a problem hiding this comment.
Hm... I'm not sure this is really testing much more than the non-NodePort test. May not be worth having both.
test/e2e/network/util.go
Outdated
|
|
||
| // VerifySCTPModuleLoadedOnNodes checks whether any node on the list has the | ||
| // sctp.ko module loaded | ||
| func VerifySCTPModuleLoadedOnNodes(f *framework.Framework, nodes *v1.NodeList) bool { |
There was a problem hiding this comment.
"Verify" makes it sound like the goal of the function is to ensure that SCTP is loaded, when in fact we want the opposite. Maybe rename to CheckSCTPModuleLoadedOnNodes? Or else VerifySCTPModuleNotLoadedOnNodes but then you'd have to flip the sense of the return value too.
| @@ -76,3 +79,27 @@ func newAgnhostPod(name string, args ...string) *v1.Pod { | |||
| }, | |||
| } | |||
| } | |||
|
|
|||
| // VerifySCTPModuleLoadedOnNodes checks whether any node on the list has the | |||
| // sctp.ko module loaded | |||
There was a problem hiding this comment.
This is probably also a good place to document why we are doing this:
// For security reasons, and also to allow clusters to use userspace SCTP implementations,
// we require that just creating an SCTP Pod/Service/NetworkPolicy must not do anything
// that would cause the sctp kernel module to be loaded.
12f0791
to
377260f
Compare
|
/retest |
Add SCTP NetworkPolicy test.
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
oops, and |
|
/retest |
|
/retest |
1 similar comment
|
/retest |
|
sigh |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: danwinship, janosi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
that happened a while back |
k8s-ci-robot
removed
the
do-not-merge/hold
|
/retest |
3 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest Review the full test history for this PR. Silence the bot with an |
4 similar comments
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
|
/retest Review the full test history for this PR. Silence the bot with an |
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR is to implement the basic e2e test cases for the SCTP support feature as defined at https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/0015-20180614-SCTP-support.md#basic-tests
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: