Skip to content
This repository was archived by the owner on Jun 20, 2024. It is now read-only.

Commit 1a543c6

Browse files
bborehambboreham
committed
Extend kubernetes test to include virtual IP
1 parent b96399b commit 1a543c6

File tree

1 file changed

+26
-0
lines changed

1 file changed

+26
-0
lines changed

Diff for: test/840_weave_kube_3_test.sh

+26
Original file line numberDiff line numberDiff line change
@@ -18,8 +18,10 @@ NUM_HOSTS=$(howmany $HOSTS)
1818
SUCCESS="$(( $NUM_HOSTS * ($NUM_HOSTS-1) )) established"
1919
KUBECTL="sudo kubectl --kubeconfig /etc/kubernetes/admin.conf"
2020
KUBE_PORT=6443
21+
WEAVE_NETWORK=10.32.0.0/12
2122
IMAGE=weaveworks/network-tester:latest
2223
DOMAIN=nettest.default.svc.cluster.local.
24+
VIRTUAL=netvirt.default.svc.cluster.local.
2325

2426
tear_down_kubeadm
2527

@@ -134,6 +136,21 @@ spec:
134136
run: nettest
135137
EOF
136138

139+
# And a regular service so we can test virtual IP access
140+
run_on $HOST1 "$KUBECTL create -f -" <<EOF
141+
apiVersion: v1
142+
kind: Service
143+
metadata:
144+
name: netvirt
145+
spec:
146+
ports:
147+
- port: 80
148+
targetPort: 8080
149+
protocol: TCP
150+
selector:
151+
run: nettest
152+
EOF
153+
137154
podName=$($SSH $HOST1 "$KUBECTL get pods -l run=nettest -o go-template='{{(index .items 0).metadata.name}}'")
138155

139156
check_all_pods_communicate() {
@@ -170,6 +187,14 @@ assert_raises 'wait_for_x check_all_pods_communicate pods'
170187
# nettest-deny should still not be able to reach nettest pods
171188
assert_raises "! $SSH $HOST1 $KUBECTL exec $denyPodName -- curl -s -S -f -m 2 http://$DOMAIN:8080/status >/dev/null"
172189

190+
# check access via virtual IP
191+
assert_raises "$SSH $HOST1 $KUBECTL exec $podName -- curl -s -S -f -m 2 http://$VIRTUAL/status >/dev/null"
192+
assert_raises "! $SSH $HOST1 $KUBECTL exec $denyPodName -- curl -s -S -f -m 2 http://$VIRTUAL/status >/dev/null"
193+
194+
# host should not be able to reach pods via nodePort
195+
VIRTUAL_IP="$SSH $HOST1 $KUBECTL get service netvirt -o template --template={{.spec.clusterIP}}"
196+
assert_raises "! $SSH $HOST1 curl -s -S -f -m 2 http://$VIRTUAL_IP/status >/dev/null"
197+
173198
# allow access for nettest-deny
174199
run_on $HOST1 "$KUBECTL apply -f -" <<EOF
175200
apiVersion: networking.k8s.io/v1
@@ -210,6 +235,7 @@ spec:
210235
EOF
211236

212237
assert_raises "$SSH $HOST1 $KUBECTL exec $denyPodName -- curl -s -S -f -m 2 http://$DOMAIN:8080/status >/dev/null"
238+
assert_raises "$SSH $HOST1 curl -s -S -f -m 2 http://$VIRTUAL_IP/status >/dev/null"
213239

214240
tear_down_kubeadm
215241

0 commit comments

Comments
 (0)