Add e2e tests for ex gw pods in terminating or not ready state

arkadeepsen · arkadeepsen · commit d565fd869e15 · 2025-07-21T14:41:46.000+05:30
Signed-off-by: arkadeepsen &lt;arsen@redhat.com&gt;
diff --git a/test/e2e/external_gateways.go b/test/e2e/external_gateways.go
@@ -42,6 +42,16 @@ const (
 	anyLink                         = "any"
 )
 
+// GatewayRemovalType defines ways to remove pod as external gateway
+type GatewayRemovalType string
+
+const (
+	GatewayUpdate            GatewayRemovalType = "GatewayUpdate"
+	GatewayDelete            GatewayRemovalType = "GatewayDelete"
+	GatewayDeletionTimestamp GatewayRemovalType = "GatewayDeletionTimestamp"
+	GatewayNotReady          GatewayRemovalType = "GatewayNotReady"
+)
+
 func getOverrideNetwork() (string, string, string) {
 	// When the env variable is specified, we use a different docker network for
 	// containers acting as external gateways.
@@ -875,10 +885,15 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				ginkgo.Entry("IPV6 udp", &addressesv6, "udp"),
 				ginkgo.Entry("IPV6 tcp", &addressesv6, "tcp"))
 
-			ginkgo.DescribeTable("ExternalGWPod annotation: Should validate conntrack entry deletion for TCP/UDP traffic via multiple external gateways a.k.a ECMP routes", func(addresses *gatewayTestIPs, protocol string, deletePod bool) {
+			ginkgo.DescribeTable("ExternalGWPod annotation: Should validate conntrack entry deletion for TCP/UDP traffic via multiple external gateways a.k.a ECMP routes", func(addresses *gatewayTestIPs, protocol string, removalType GatewayRemovalType) {
 				if addresses.srcPodIP == "" || addresses.nodeIP == "" {
 					skipper.Skipf("Skipping as pod ip / node ip are not set pod ip %s node ip %s", addresses.srcPodIP, addresses.nodeIP)
 				}
+
+				if removalType == GatewayNotReady {
+					recreatePodWithReadinessProbe(f, gatewayPodName2, nodes.Items[1].Name, servingNamespace, sleepCommand, nil)
+				}
+
 				ginkgo.By("Annotate the external gw pods to manage the src app pod namespace")
 				for i, gwPod := range []string{gatewayPodName1, gatewayPodName2} {
 					networkIPs := fmt.Sprintf("\"%s\"", addresses.gatewayIPs[i])
@@ -925,15 +940,9 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				totalPodConnEntries := pokeConntrackEntries(nodeName, addresses.srcPodIP, protocol, nil)
 				gomega.Expect(totalPodConnEntries).To(gomega.Equal(6)) // total conntrack entries for this pod/protocol
 
-				if deletePod {
-					ginkgo.By(fmt.Sprintf("Delete second external gateway pod %s from ns %s", gatewayPodName2, servingNamespace))
-					err = f.ClientSet.CoreV1().Pods(servingNamespace).Delete(context.TODO(), gatewayPodName2, metav1.DeleteOptions{})
-					framework.ExpectNoError(err, "Delete the gateway pod failed: %v", err)
-					// give some time to handle pod delete event
-					time.Sleep(5 * time.Second)
-				} else {
-					ginkgo.By("Remove second external gateway pod's routing-namespace annotation")
-					annotatePodForGateway(gatewayPodName2, servingNamespace, "", addresses.gatewayIPs[1], false)
+				cleanUpFn := handleGatewayPodRemoval(f, removalType, gatewayPodName2, servingNamespace, addresses.gatewayIPs[1], true)
+				if cleanUpFn != nil {
+					defer cleanUpFn()
 				}
 
 				// ensure the conntrack deletion tracker annotation is updated
@@ -973,12 +982,20 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				gomega.Expect(podConnEntriesWithMACLabelsSet).To(gomega.Equal(0)) // we don't have any remaining gateways left
 				gomega.Expect(totalPodConnEntries).To(gomega.Equal(4))            // 6-2
 			},
-				ginkgo.Entry("IPV4 udp", &addressesv4, "udp", false),
-				ginkgo.Entry("IPV4 tcp", &addressesv4, "tcp", false),
-				ginkgo.Entry("IPV6 udp", &addressesv6, "udp", false),
-				ginkgo.Entry("IPV6 tcp", &addressesv6, "tcp", false),
-				ginkgo.Entry("IPV4 udp + pod delete", &addressesv4, "udp", true),
-				ginkgo.Entry("IPV6 tcp + pod delete", &addressesv6, "tcp", true),
+				ginkgo.Entry("IPV4 udp + pod annotation update", &addressesv4, "udp", GatewayUpdate),
+				ginkgo.Entry("IPV4 tcp + pod annotation update", &addressesv4, "tcp", GatewayUpdate),
+				ginkgo.Entry("IPV6 udp + pod annotation update", &addressesv6, "udp", GatewayUpdate),
+				ginkgo.Entry("IPV6 tcp + pod annotation update", &addressesv6, "tcp", GatewayUpdate),
+				ginkgo.Entry("IPV4 udp + pod delete", &addressesv4, "udp", GatewayDelete),
+				ginkgo.Entry("IPV6 tcp + pod delete", &addressesv6, "tcp", GatewayDelete),
+				ginkgo.Entry("IPV4 udp + pod deletion timestamp", &addressesv4, "udp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV4 tcp + pod deletion timestamp", &addressesv4, "tcp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV6 udp + pod deletion timestamp", &addressesv6, "udp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV6 tcp + pod deletion timestamp", &addressesv6, "tcp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV4 udp + pod not ready", &addressesv4, "udp", GatewayNotReady),
+				ginkgo.Entry("IPV4 tcp + pod not ready", &addressesv4, "tcp", GatewayNotReady),
+				ginkgo.Entry("IPV6 udp + pod not ready", &addressesv6, "udp", GatewayNotReady),
+				ginkgo.Entry("IPV6 tcp + pod not ready", &addressesv6, "tcp", GatewayNotReady),
 			)
 		})
 
@@ -1983,11 +2000,15 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				ginkgo.Entry("IPV6 udp", &addressesv6, "udp"),
 				ginkgo.Entry("IPV6 tcp", &addressesv6, "tcp"))
 
-			ginkgo.DescribeTable("Dynamic Hop: Should validate conntrack entry deletion for TCP/UDP traffic via multiple external gateways a.k.a ECMP routes", func(addresses *gatewayTestIPs, protocol string) {
+			ginkgo.DescribeTable("Dynamic Hop: Should validate conntrack entry deletion for TCP/UDP traffic via multiple external gateways a.k.a ECMP routes", func(addresses *gatewayTestIPs, protocol string, removalType GatewayRemovalType) {
 				if addresses.srcPodIP == "" || addresses.nodeIP == "" {
 					skipper.Skipf("Skipping as pod ip / node ip are not set pod ip %s node ip %s", addresses.srcPodIP, addresses.nodeIP)
 				}
 
+				if removalType == GatewayNotReady {
+					recreatePodWithReadinessProbe(f, gatewayPodName2, nodes.Items[1].Name, servingNamespace, sleepCommand, map[string]string{"name": gatewayPodName2, "gatewayPod": "true"})
+				}
+
 				for i, gwPod := range []string{gatewayPodName1, gatewayPodName2} {
 					annotateMultusNetworkStatusInPodGateway(gwPod, servingNamespace, []string{addresses.gatewayIPs[i], addresses.gatewayIPs[i]})
 				}
@@ -2026,10 +2047,10 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				}, time.Minute, 5).Should(gomega.Equal(podConnEntriesWithMACLabelsSet))
 				gomega.Expect(pokeConntrackEntries(nodeName, addresses.srcPodIP, protocol, nil)).To(gomega.Equal(totalPodConnEntries)) // total conntrack entries for this pod/protocol
 
-				ginkgo.By("Remove second external gateway pod's routing-namespace annotation")
-				p := getGatewayPod(f, servingNamespace, gatewayPodName2)
-				p.Labels = map[string]string{"name": gatewayPodName2}
-				updatePod(f, p)
+				cleanUpFn := handleGatewayPodRemoval(f, removalType, gatewayPodName2, servingNamespace, addresses.gatewayIPs[1], false)
+				if cleanUpFn != nil {
+					defer cleanUpFn()
+				}
 
 				ginkgo.By("Check if conntrack entries for ECMP routes are removed for the deleted external gateway if traffic is UDP")
 
@@ -2044,7 +2065,7 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				gomega.Expect(pokeConntrackEntries(nodeName, addresses.srcPodIP, protocol, nil)).To(gomega.Equal(totalPodConnEntries))
 
 				ginkgo.By("Remove first external gateway pod's routing-namespace annotation")
-				p = getGatewayPod(f, servingNamespace, gatewayPodName1)
+				p := getGatewayPod(f, servingNamespace, gatewayPodName1)
 				p.Labels = map[string]string{"name": gatewayPodName1}
 				updatePod(f, p)
 
@@ -2060,11 +2081,19 @@ var _ = ginkgo.Describe("External Gateway", feature.ExternalGateway, func() {
 				gomega.Expect(pokeConntrackEntries(nodeName, addresses.srcPodIP, protocol, nil)).To(gomega.Equal(totalPodConnEntries))
 				checkAPBExternalRouteStatus(defaultPolicyName)
 			},
-				ginkgo.Entry("IPV4 udp", &addressesv4, "udp"),
-				ginkgo.Entry("IPV4 tcp", &addressesv4, "tcp"),
-				ginkgo.Entry("IPV6 udp", &addressesv6, "udp"),
-				ginkgo.Entry("IPV6 tcp", &addressesv6, "tcp"))
-
+				ginkgo.Entry("IPV4 udp + pod annotation update", &addressesv4, "udp", GatewayUpdate),
+				ginkgo.Entry("IPV4 tcp + pod annotation update", &addressesv4, "tcp", GatewayUpdate),
+				ginkgo.Entry("IPV6 udp + pod annotation update", &addressesv6, "udp", GatewayUpdate),
+				ginkgo.Entry("IPV6 tcp + pod annotation update", &addressesv6, "tcp", GatewayUpdate),
+				ginkgo.Entry("IPV4 udp + pod deletion timestamp", &addressesv4, "udp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV4 tcp + pod deletion timestamp", &addressesv4, "tcp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV6 udp + pod deletion timestamp", &addressesv6, "udp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV6 tcp + pod deletion timestamp", &addressesv6, "tcp", GatewayDeletionTimestamp),
+				ginkgo.Entry("IPV4 udp + pod not ready", &addressesv4, "udp", GatewayNotReady),
+				ginkgo.Entry("IPV4 tcp + pod not ready", &addressesv4, "tcp", GatewayNotReady),
+				ginkgo.Entry("IPV6 udp + pod not ready", &addressesv6, "udp", GatewayNotReady),
+				ginkgo.Entry("IPV6 tcp + pod not ready", &addressesv6, "tcp", GatewayNotReady),
+			)
 		})
 
 		// BFD Tests are dual of external gateway. The only difference is that they enable BFD on ovn and
@@ -3595,3 +3624,133 @@ func resetGatewayAnnotations(f *framework.Framework) {
 			annotation}...)
 	}
 }
+
+func setupPodWithReadinessProbe(f *framework.Framework, podName, nodeSelector, namespace string, command []string, labels map[string]string) (*corev1.Pod, error) {
+	// Handle bash -c commands specially to preserve argument structure
+	if len(command) >= 3 && command[0] == "bash" && command[1] == "-c" {
+		// Extract the script part and wrap it to preserve logic
+		script := strings.Join(command[2:], " ")
+		command = []string{"bash", "-c", "touch /tmp/ready && (" + script + ")"}
+	} else {
+		// For non-bash commands, preserve their structure
+		var quotedArgs []string
+		for _, arg := range command {
+			// Escape single quotes and wrap in single quotes
+			escaped := strings.ReplaceAll(arg, "'", "'\"'\"'")
+			quotedArgs = append(quotedArgs, "'"+escaped+"'")
+		}
+		command = []string{"bash", "-c", "touch /tmp/ready && " + strings.Join(quotedArgs, " ")}
+	}
+	return createPod(f, podName, nodeSelector, namespace, command, labels, func(p *corev1.Pod) {
+		p.Spec.Containers[0].ReadinessProbe = &corev1.Probe{
+			ProbeHandler: corev1.ProbeHandler{
+				Exec: &corev1.ExecAction{
+					Command: []string{"cat", "/tmp/ready"},
+				},
+			},
+			InitialDelaySeconds: 5,
+			PeriodSeconds:       5,
+			FailureThreshold:    1,
+		}
+	})
+}
+
+func recreatePodWithReadinessProbe(f *framework.Framework, podName, nodeSelector, namespace string, command []string, labels map[string]string) {
+	ginkgo.By(fmt.Sprintf("Delete second external gateway pod %s from ns %s", podName, namespace))
+	err := deletePodWithWaitByName(context.TODO(), f.ClientSet, podName, namespace)
+	gomega.Expect(err).NotTo(gomega.HaveOccurred(), fmt.Sprintf("Delete second external gateway pod %s from ns %s, failed: %v", podName, namespace, err))
+
+	ginkgo.By(fmt.Sprintf("Create second external gateway pod %s from ns %s with readiness probe", podName, namespace))
+	_, err = setupPodWithReadinessProbe(f, podName, nodeSelector, namespace, command, labels)
+	gomega.Expect(err).NotTo(gomega.HaveOccurred(), fmt.Sprintf("Create second external gateway pod %s from ns %s with readiness probe, failed: %v", podName, namespace, err))
+	gomega.Eventually(func() bool {
+		var p *corev1.Pod
+		p, err = f.ClientSet.CoreV1().Pods(namespace).Get(context.Background(), podName, metav1.GetOptions{})
+		if err != nil {
+			return false
+		}
+		for _, condition := range p.Status.Conditions {
+			if condition.Type == corev1.PodReady {
+				return condition.Status == corev1.ConditionTrue
+			}
+		}
+		return false
+	}).Should(gomega.Equal(true), fmt.Sprintf("Readiness probe for second external gateway pod %s from ns %s, failed: %v", podName, namespace, err))
+}
+
+func handleGatewayPodRemoval(f *framework.Framework, removalType GatewayRemovalType, gatewayPodName, servingNamespace, gatewayIP string, isAnnotated bool) func() {
+	var err error
+	switch removalType {
+	case GatewayDelete:
+		ginkgo.By(fmt.Sprintf("Delete second external gateway pod %s from ns %s", gatewayPodName, servingNamespace))
+		err := deletePodWithWaitByName(context.TODO(), f.ClientSet, gatewayPodName, servingNamespace)
+		framework.ExpectNoError(err, "Delete the gateway pod failed: %v", err)
+		return nil
+	case GatewayUpdate:
+		if isAnnotated {
+			ginkgo.By("Remove second external gateway pod's routing-namespace annotation")
+			annotatePodForGateway(gatewayPodName, servingNamespace, "", gatewayIP, false)
+			return nil
+		}
+
+		ginkgo.By("Updating external gateway pod labels")
+		p := getGatewayPod(f, servingNamespace, gatewayPodName)
+		p.Labels = map[string]string{"name": gatewayPodName}
+		updatePod(f, p)
+		return nil
+	case GatewayDeletionTimestamp:
+		ginkgo.By("Setting finalizer then deleting external gateway pod with grace period to set deletion timestamp")
+		p := getGatewayPod(f, servingNamespace, gatewayPodName)
+		p.Finalizers = append(p.Finalizers, "k8s.ovn.org/external-gw-pod-finalizer")
+		updatePod(f, p)
+		gomega.Eventually(func() bool {
+			p, err = f.ClientSet.CoreV1().Pods(servingNamespace).Get(context.Background(), gatewayPodName, metav1.GetOptions{})
+			if err != nil {
+				return false
+			}
+			return strings.Contains(strings.Join(p.GetFinalizers(), ","), "k8s.ovn.org/external-gw-pod-finalizer")
+		}).Should(gomega.Equal(true), fmt.Sprintf("Update second external gateway pod %s from ns %s with finalizer, failed: %v", gatewayPodName, servingNamespace, err))
+
+		p = getGatewayPod(f, servingNamespace, gatewayPodName)
+		err = e2epod.DeletePodWithGracePeriod(context.Background(), f.ClientSet, p, 1000)
+		framework.ExpectNoError(err, fmt.Sprintf("unable to delete pod with grace period: %s, err: %v", p.Name, err))
+
+		gomega.Eventually(func() bool {
+			p, err = f.ClientSet.CoreV1().Pods(servingNamespace).Get(context.Background(), gatewayPodName, metav1.GetOptions{})
+			if err != nil {
+				return false
+			}
+			return p.DeletionTimestamp != nil
+		}).Should(gomega.BeTrue(), fmt.Sprintf("Gateway pod %s in ns %s should have deletion timestamp, failed: %v", gatewayPodName, servingNamespace, err))
+
+		// return a function to remove the finalizer
+		return func() {
+			p = getGatewayPod(f, servingNamespace, gatewayPodName)
+			p.Finalizers = []string{}
+			updatePod(f, p)
+		}
+	case GatewayNotReady:
+		ginkgo.By("Remove /tmp/ready in external gateway pod so that readiness probe fails")
+		_, err = e2ekubectl.RunKubectl(servingNamespace, "exec", gatewayPodName, "--", "rm", "/tmp/ready")
+		framework.ExpectNoError(err, fmt.Sprintf("unable to remove /tmp/ready in pod: %s, err: %v", gatewayPodName, err))
+		gomega.Eventually(func() bool {
+			var p *corev1.Pod
+			p, err = f.ClientSet.CoreV1().Pods(servingNamespace).Get(context.Background(), gatewayPodName, metav1.GetOptions{})
+			if err != nil {
+				return false
+			}
+			podReadyStatus := corev1.ConditionTrue
+			for _, condition := range p.Status.Conditions {
+				if condition.Type == corev1.PodReady {
+					podReadyStatus = condition.Status
+					break
+				}
+			}
+			return podReadyStatus == corev1.ConditionFalse
+		}).WithTimeout(5*time.Minute).Should(gomega.Equal(true), fmt.Sprintf("Mark second external gateway pod %s from ns %s not ready, failed: %v", gatewayPodName, servingNamespace, err))
+		return nil
+	default:
+		framework.Failf("unexpected GatewayRemovalType passed: %s", removalType)
+		return nil
+	}
+}
