Skip to content

Commit 2ec3929

Browse files
npinaevanpinaeva
committed
[kube-proxy:nftables] Add partial sync unit test.
Signed-off-by: Nadia Pinaeva <[email protected]>
1 parent 3ccf5b8 commit 2ec3929

File tree

1 file changed

+49
-0
lines changed

1 file changed

+49
-0
lines changed

pkg/proxy/nftables/proxier_test.go

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4089,6 +4089,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
40894089
add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80
40904090
`)
40914091
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4092+
// add 1 element to cluster-ips and service-ips = 2 operations
4093+
// add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations
4094+
// 10 operations total.
4095+
if nft.LastTransaction.NumOperations() != 10 {
4096+
t.Errorf("Expected 10 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4097+
}
40924098

40934099
// Delete a service; its chains will be flushed, but not immediately deleted.
40944100
fp.OnServiceDelete(svc2)
@@ -4117,6 +4123,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
41174123
add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80
41184124
`)
41194125
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4126+
// delete 1 element from cluster-ips and service-ips = 2 operations
4127+
// flush 2 chains for service and endpoint = 2 operations
4128+
// 4 operations total.
4129+
if nft.LastTransaction.NumOperations() != 4 {
4130+
t.Errorf("Expected 4 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4131+
}
41204132

41214133
// Fake the passage of time and confirm that the stale chains get deleted.
41224134
ageStaleChains()
@@ -4142,6 +4154,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
41424154
add rule ip kube-proxy endpoint-2OCDJSZQ-ns3/svc3/tcp/p80__10.0.3.1/80 meta l4proto tcp dnat to 10.0.3.1:80
41434155
`)
41444156
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4157+
// delete stale chains happens in a separate transaction, nothing else changed => last transaction will have 0 operations.
4158+
if nft.LastTransaction.NumOperations() != 0 {
4159+
t.Errorf("Expected 0 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4160+
}
41454161

41464162
// Add a service, sync, then add its endpoints.
41474163
makeServiceMap(fp,
@@ -4180,6 +4196,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
41804196
add element ip kube-proxy no-endpoint-services { 172.30.0.44 . tcp . 80 comment "ns4/svc4:p80" : goto reject-chain }
41814197
`)
41824198
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4199+
// add 1 element to cluster-ips and no-endpoint-services = 2 operations
4200+
if nft.LastTransaction.NumOperations() != 2 {
4201+
t.Errorf("Expected 2 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4202+
}
41834203

41844204
populateEndpointSlices(fp,
41854205
makeTestEndpointSlice("ns4", "svc4", 1, func(eps *discovery.EndpointSlice) {
@@ -4225,6 +4245,11 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
42254245
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
42264246
`)
42274247
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4248+
// add 1 element to service-ips, remove 1 element from no-endpoint-services = 2 operations
4249+
// add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations
4250+
if nft.LastTransaction.NumOperations() != 10 {
4251+
t.Errorf("Expected 10 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4252+
}
42284253

42294254
// Change an endpoint of an existing service.
42304255
eps3update := eps3.DeepCopy()
@@ -4264,6 +4289,11 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
42644289
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
42654290
`)
42664291
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4292+
// add+flush 2 chains for service and endpoint, add 2 rules in each = 8 operations
4293+
// flush old endpoint chain = 1 operation
4294+
if nft.LastTransaction.NumOperations() != 9 {
4295+
t.Errorf("Expected 9 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4296+
}
42674297

42684298
// (Ensure the old svc3 chain gets deleted in the next sync.)
42694299
ageStaleChains()
@@ -4307,6 +4337,10 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
43074337
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
43084338
`)
43094339
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4340+
// add+flush 3 chains for 1 service and 2 endpoints, add 2 rules in each = 12 operations
4341+
if nft.LastTransaction.NumOperations() != 12 {
4342+
t.Errorf("Expected 12 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4343+
}
43104344

43114345
// Empty a service's endpoints; its chains will be flushed, but not immediately deleted.
43124346
eps3update3 := eps3update2.DeepCopy()
@@ -4340,6 +4374,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
43404374
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
43414375
`)
43424376
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4377+
// remove 1 element from service-ips, add 1 element to no-endpoint-services = 2 operations
4378+
// flush 3 chains = 3 operations
4379+
if nft.LastTransaction.NumOperations() != 5 {
4380+
t.Errorf("Expected 5 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4381+
}
4382+
43434383
expectedStaleChains := sets.NewString("service-4AT6LBPK-ns3/svc3/tcp/p80", "endpoint-SWWHDC7X-ns3/svc3/tcp/p80__10.0.3.2/80", "endpoint-TQ2QKHCZ-ns3/svc3/tcp/p80__10.0.3.3/80")
43444384
gotStaleChains := sets.StringKeySet(fp.staleChains)
43454385
if !expectedStaleChains.Equal(gotStaleChains) {
@@ -4381,6 +4421,12 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
43814421
add rule ip kube-proxy endpoint-WAHRBT2B-ns4/svc4/tcp/p80__10.0.4.1/80 meta l4proto tcp dnat to 10.0.4.1:80
43824422
`)
43834423
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4424+
// remove 1 element from no-endpoint-services, add 1 element to service-ips = 2 operations
4425+
// add+flush 3 chains for 1 service and 2 endpoints, add 2 rules in each = 12 operations
4426+
if nft.LastTransaction.NumOperations() != 14 {
4427+
t.Errorf("Expected 14 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4428+
}
4429+
43844430
if len(fp.staleChains) != 0 {
43854431
t.Errorf("unexpected stale chains: %v", fp.staleChains)
43864432
}
@@ -4399,6 +4445,9 @@ func TestSyncProxyRulesRepeated(t *testing.T) {
43994445
// Sync with no new changes, so same expected rules as last time
44004446
fp.syncProxyRules()
44014447
assertNFTablesTransactionEqual(t, getLine(), expected, nft.Dump())
4448+
if nft.LastTransaction.NumOperations() != 0 {
4449+
t.Errorf("Expected 0 trasaction operations, got %d", nft.LastTransaction.NumOperations())
4450+
}
44024451
}
44034452

44044453
func TestNoEndpointsMetric(t *testing.T) {

0 commit comments

Comments
 (0)