Skip to content

Commit

Permalink
Add test to ensure pods on control plane can access Kube API server
Browse files Browse the repository at this point in the history
This test is added to showcase primary network not working as expected
on Kind control plane nodes with thick plugin installed.

Signed-off-by: Vasilis Remmas <[email protected]>
  • Loading branch information
vasrem committed Apr 11, 2024
1 parent b6206a0 commit 6641f87
Show file tree
Hide file tree
Showing 5 changed files with 113 additions and 17 deletions.
25 changes: 25 additions & 0 deletions e2e/templates/simple-macvlan1.yml.j2
Original file line number Diff line number Diff line change
Expand Up @@ -61,3 +61,28 @@ spec:
privileged: true
nodeSelector:
kubernetes.io/hostname: kind-worker2
---
apiVersion: v1
kind: Pod
metadata:
name: macvlan1-control-plane
annotations:
k8s.v1.cni.cncf.io/networks: '[
{ "name": "macvlan1-config",
"ips": [ "10.1.1.13/24" ] }
]'
labels:
app: macvlan
spec:
containers:
- name: macvlan-control-plane
image: nicolaka/netshoot:v0.12
command: ["/bin/sleep", "10000"]
securityContext:
privileged: true
nodeSelector:
kubernetes.io/hostname: kind-control-plane
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: "Exists"
effect: NoSchedule
15 changes: 0 additions & 15 deletions e2e/templates/simple-pod.yml.j2

This file was deleted.

35 changes: 35 additions & 0 deletions e2e/templates/simple-pods.yml.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
apiVersion: v1
kind: Pod
metadata:
name: simple-worker
annotations:
labels:
app: simple
spec:
containers:
- name: simple-worker
image: nicolaka/netshoot:v0.12
command: ["/bin/sleep", "10000"]
securityContext:
privileged: true
---
apiVersion: v1
kind: Pod
metadata:
name: simple-control-plane
labels:
app: simple
spec:
containers:
- name: simple-control-plane
image: nicolaka/netshoot:v0.12
command: ["/bin/sleep", "10000"]
securityContext:
privileged: true
nodeSelector:
kubernetes.io/hostname: kind-control-plane
tolerations:
- key: node-role.kubernetes.io/control-plane
operator: "Exists"
effect: NoSchedule
17 changes: 17 additions & 0 deletions e2e/test-simple-macvlan1.sh
Original file line number Diff line number Diff line change
Expand Up @@ -38,5 +38,22 @@ if [ $ipaddr != "10.1.1.12" ]; then
echo "macvlan1-worker2 IP address is different: ${ipaddr}"
fi

echo "check eventual connectivity of macvlan1-control-plane Pod to the Kubernetes API server"
for i in `seq 1 10`;
do
ret=$(kubectl exec macvlan1-control-plane -- nc -zvw1 kubernetes 443)
if [ $? -eq 0 ]; then
echo "macvlan1-control-plane reached the Kubernetes API server"
break
fi

if [ $i -eq 10 ]; then
echo "macvlan1-control-plane couldn't connect to the Kubernetes API server"
exit 1
fi

sleep 1
done

echo "cleanup resources"
kubectl delete -f yamls/simple-macvlan1.yml
38 changes: 36 additions & 2 deletions e2e/test-simple-pod.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,42 @@ set -o errexit

export PATH=${PATH}:./bin

kubectl create -f yamls/simple-pod.yml
kubectl create -f yamls/simple-pods.yml
kubectl wait --for=condition=ready -l app=simple --timeout=300s pod

echo "check eventual connectivity of simple-worker Pod to the Kubernetes API server"
for i in `seq 1 10`;
do
ret=$(kubectl exec simple-worker -- nc -zvw1 kubernetes 443)
if [ $? -eq 0 ]; then
echo "simple-worker reached the Kubernetes API server"
break
fi

if [ $i -eq 10 ]; then
echo "simple-worker couldn't connect to the Kubernetes API server"
exit 1
fi

sleep 1
done

echo "check eventual connectivity of simple-control-plane Pod to the Kubernetes API server"
for i in `seq 1 10`;
do
ret=$(kubectl exec simple-control-plane -- nc -zvw1 kubernetes 443)
if [ $? -eq 0 ]; then
echo "simple-control-plane reached the Kubernetes API server"
break
fi

if [ $i -eq 10 ]; then
echo "simple-control-plane couldn't connect to the Kubernetes API server"
exit 1
fi

sleep 1
done

echo "cleanup resources"
kubectl delete -f yamls/simple-pod.yml
kubectl delete -f yamls/simple-pods.yml

0 comments on commit 6641f87

Please sign in to comment.