fix/e2e/loadbalancer: preventing binding on privileged ports, and added nlb cases by mtulio · Pull Request #1153 · kubernetes/cloud-provider-aws

mtulio · 2025-05-30T02:59:03Z

What type of PR is this?

/kind bug
/kind failing-test
/kind flake

What this PR does / why we need it:

This change fixes the e2e loadbalancer by preventing running tests in privileged ports, which was making tests to fail in distributions which restricts that configuration.

The issue details #1150

Furthermore, this also introduce the test cases more generically, including two scenarios not covered yet:

NLB
NLB with node selectors

Which issue(s) this PR fixes:

Fixes #1150

Special notes for your reviewer:

The test framework implements mostly the code, but unfortunately the port of the target/pod is tied to the library (jig) - not exported, causing some code duplication to provide one off fix here.

There is a discussion here with some options.

Does this PR introduce a user-facing change?:

NONE

k8s-ci-robot · 2025-05-30T02:59:11Z

This issue is currently awaiting triage.

If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

k8s-ci-robot · 2025-05-30T02:59:12Z

Welcome @mtulio!

It looks like this is your first PR to kubernetes/cloud-provider-aws 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/cloud-provider-aws has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

k8s-ci-robot · 2025-05-30T02:59:13Z

Hi @mtulio. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

mtulio · 2025-05-30T03:20:02Z

$ ./e2e.test  --ginkgo.focus="loadbalancer" 
  W0530 00:08:35.130637 2533371 test_context.go:478] Unable to find in-cluster config, using default host : https://127.0.0.1:6443
  May 30 00:08:35.130: INFO: The --provider flag is not set. Continuing as if --provider=skeleton had been used.
Running Suite: AWS Cloud Provider End-to-End Tests - /devel/rosa
==============================================================================================
Random Seed: 1748574515 - will randomize all specs

Will run 3 of 5 specs
------------------------------
[cloud-provider-aws-e2e] loadbalancer should configure the loadbalancer based on annotations
(...)
• [134.221 seconds]
------------------------------
S
------------------------------
[cloud-provider-aws-e2e] loadbalancer NLB should configure the loadbalancer with target-node-labels
(....)
 May 30 00:11:16.617: INFO: Found 2 worker nodes
(...)

• [188.525 seconds]
------------------------------
S
------------------------------
[cloud-provider-aws-e2e] loadbalancer NLB should configure the loadbalancer based on annotations
(...)
• [178.780 seconds]
------------------------------

Ran 3 of 5 Specs in 501.527 seconds
SUCCESS! -- 3 Passed | 0 Failed | 0 Pending | 2 Skipped
PASS

kmala · 2025-05-30T05:16:29Z

/ok-to-test

mtulio · 2025-05-30T10:40:00Z

@mtulio: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-cloud-provider-aws-e2e fdc9e65 link true /test pull-cloud-provider-aws-e2e
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

oops, missed local changes. retesting:

/test pull-cloud-provider-aws-e2e

mtulio · 2025-05-30T20:57:04Z

Fixing node label discovery to support different k8s distributions - e.g. CI infra uses node-role.kubernetes.io/Node

mtulio · 2025-05-30T20:57:13Z

Fixing node label discovery to support different k8s distributions - e.g. CI infra uses node-role.kubernetes.io/Node

/test pull-cloud-provider-aws-e2e

mtulio · 2025-05-31T02:02:36Z

@mtulio: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-cloud-provider-aws-e2e 9dc6148 link unknown /test pull-cloud-provider-aws-e2e
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Learning with CI infra here, the node-role tag shows different from reported by get nodes, fixing to lower case and trying again:

/test pull-cloud-provider-aws-e2e

mtulio · 2025-05-31T18:13:11Z

/test all

mtulio · 2025-06-03T20:14:10Z

Assigning the github recommendations, PTAL?:
/assign dims nckturner

mtulio · 2025-06-04T17:14:26Z

cc @JoelSpeed @elmiko

elmiko

this makes sense to me, i just have a minor nit that might help with triaging.

tests/e2e/loadbalancer.go

This change enhance test scenarios by: - supporting more distributions which does not allow pods to bind on privileged ports (default behavior of libjig, see issue - refact tests to allow adding more cases - introduce tests to NLB, including advanced tests to validate the node selector annotation. AWS SDK is added to satisfy this validatoin.

elmiko

thanks @mtulio , let's see if this works. feel free to remove the hold once the tests pass.

/approve
/lgtm

/hold for tests

mtulio · 2025-06-06T20:06:58Z

thanks @mtulio , let's see if this works. feel free to remove the hold once the tests pass.

/approve /lgtm

/hold for tests

Thanks! LGTM tests.
/hold cancel

kmala · 2025-06-07T06:12:52Z

/approve

k8s-ci-robot · 2025-06-07T06:13:00Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: elmiko, kmala

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [kmala]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

-#1215-#1217-#1214-upstream-release-1.33 Automated cherry pick of #1153: e2e/deps: enhance test scenarios with NLB #1161: e2e/loadbalancer: implement hairpin connection cases #1215: refact: e2e tests documenting hooks and enhance logging/steps #1217: e2e/debug: increase data collection on e2e failures #1214: doc/service: describe supported target group attributes

-#1215-#1217-#1214-upstream-release-1.32 Automated cherry pick of #1153: e2e/deps: enhance test scenarios with NLB #1161: e2e/loadbalancer: implement hairpin connection cases #1215: refact: e2e tests documenting hooks and enhance logging/steps #1217: e2e/debug: increase data collection on e2e failures #1214: doc/service: describe supported target group attributes

-#1215-#1217-#1214-upstream-release-1.31 Automated cherry pick of #1153: e2e/deps: enhance test scenarios with NLB #1161: e2e/loadbalancer: implement hairpin connection cases #1215: refact: e2e tests documenting hooks and enhance logging/steps #1217: e2e/debug: increase data collection on e2e failures #1214: doc/service: describe supported target group attributes

e2e/deps: enhance test scenarios with NLB

1c78a7b

k8s-ci-robot requested review from nckturner and olemarkus May 30, 2025 02:59

k8s-ci-robot added the needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. label May 30, 2025

k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 30, 2025

k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label May 30, 2025

mtulio changed the title ~~fix/e2e: preventing binding on privileged ports and intro nlb tests~~ fix/e2e: added nlb tests preventing binding on privileged ports May 30, 2025

mtulio changed the title ~~fix/e2e: added nlb tests preventing binding on privileged ports~~ fix/e2e/loadbalancer: added nlb preventing binding on privileged ports May 30, 2025

k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels May 30, 2025

mtulio force-pushed the e2e-issue-1150 branch from fdc9e65 to fea571e Compare May 30, 2025 10:38

mtulio force-pushed the e2e-issue-1150 branch 2 times, most recently from 65ebb0d to 9dc6148 Compare May 30, 2025 20:55

mtulio force-pushed the e2e-issue-1150 branch from 9dc6148 to 61e76f6 Compare May 31, 2025 02:01

k8s-ci-robot assigned kmala Jun 2, 2025

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 2, 2025

k8s-ci-robot assigned dims and nckturner Jun 3, 2025

mtulio changed the title ~~fix/e2e/loadbalancer: added nlb preventing binding on privileged ports~~ fix/e2e/loadbalancer: preventing binding on privileged ports, and added nlb Jun 5, 2025

mtulio changed the title ~~fix/e2e/loadbalancer: preventing binding on privileged ports, and added nlb~~ fix/e2e/loadbalancer: preventing binding on privileged ports, and added nlb cases Jun 5, 2025

elmiko reviewed Jun 6, 2025

View reviewed changes

tests/e2e/loadbalancer.go Outdated Show resolved Hide resolved

mtulio force-pushed the e2e-issue-1150 branch from f9d61fb to 647b1b2 Compare June 6, 2025 14:36

k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 6, 2025

elmiko reviewed Jun 6, 2025

View reviewed changes

k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 6, 2025

k8s-ci-robot assigned elmiko Jun 6, 2025

k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 6, 2025

k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 6, 2025

k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 7, 2025

k8s-ci-robot merged commit 31a4ec4 into kubernetes:master Jun 7, 2025
11 checks passed

mtulio deleted the e2e-issue-1150 branch June 8, 2025 22:24

vitrixLab mentioned this pull request Jan 12, 2026

Resolved merge conflicts by aligning e2e test helpers with the updated upstream signatures that now require context.Context. #1327

Closed

Conversation

mtulio commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

k8s-ci-robot commented May 30, 2025

Uh oh!

k8s-ci-robot commented May 30, 2025

Uh oh!

k8s-ci-robot commented May 30, 2025

Uh oh!

mtulio commented May 30, 2025

Uh oh!

kmala commented May 30, 2025

Uh oh!

mtulio commented May 30, 2025

Uh oh!

mtulio commented May 30, 2025

Uh oh!

mtulio commented May 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mtulio commented May 31, 2025

Uh oh!

mtulio commented May 31, 2025

Uh oh!

mtulio commented Jun 3, 2025

Uh oh!

mtulio commented Jun 4, 2025

Uh oh!

elmiko left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

elmiko left a comment

Choose a reason for hiding this comment

Uh oh!

mtulio commented Jun 6, 2025

Uh oh!

kmala commented Jun 7, 2025

Uh oh!

k8s-ci-robot commented Jun 7, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

mtulio commented May 30, 2025 •

edited

Loading

mtulio commented May 30, 2025 •

edited

Loading