test: verify source IP is preserved

Author: dkoshkin

test/e2e/serviceloadbalancer_helpers.go

@@ -9,6 +9,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"net/url"
 	"strings"
@@ -20,6 +21,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/klog/v2"
 	"k8s.io/utils/ptr"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/test/framework"
@@ -170,6 +172,29 @@ func EnsureLoadBalancerService(
 	}
 	output := testServiceLoadBalancer(ctx, getClientIPURL, input.ServiceIntervals)
 	Expect(output).ToNot(BeEmpty())
+	klog.Infof("Kubernetes Service LoadBalancer output: %q", output)
+
+	By("Verifying that the source IP is not part of the Cluster's Service subnet")
+	// It is not simple to get the source IP of the runner because its possible connect through a VPN.
+	//
+	// When source IP preservation is not enabled,
+	// the source IP that the LoadBalancer Service responds with would be part of the Cluster's Service subnet.
+	// In this case we test the source IP is different from the Service IP.
+	// The output will be something like:
+	// 192.168.1.141:32768 - when source IP preservation is not enabled.
+	// 10.22.24.12:32768 - when source IP preservation is enabled.
+	// Get the source IP from the output.
+	sourceIPStr := strings.Split(output, ":")[0]
+	sourceIP := net.ParseIP(sourceIPStr)
+	Expect(sourceIP).ToNot(BeNil())
+	// Get the Cluster's Service subnet.
+	serviceCIDRStr := input.WorkloadCluster.Spec.ClusterNetwork.Services.CIDRBlocks[0]
+	_, serviceCIDR, err := net.ParseCIDR(serviceCIDRStr)
+	Expect(err).ToNot(HaveOccurred())
+	Expect(sourceIP).ToNot(BeNil())
+	// Verify that the source IP is not part of the Cluster's Service subnet,
+	// i.e. it will be the external client's IP.
+	Expect(serviceCIDR.Contains(sourceIP)).To(BeFalse())
 }
 
 func createTestService(