@@ -45,7 +45,6 @@ import (
4545 e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
4646 e2epodoutput "k8s.io/kubernetes/test/e2e/framework/pod/output"
4747 e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
48- e2essh "k8s.io/kubernetes/test/e2e/framework/ssh"
4948 imageutils "k8s.io/kubernetes/test/utils/image"
5049 netutils "k8s.io/utils/net"
5150)
@@ -1099,101 +1098,6 @@ func httpGetNoConnectionPoolTimeout(url string, timeout time.Duration) (*http.Re
10991098 return client .Get (url )
11001099}
11011100
1102- // TestUnderTemporaryNetworkFailure blocks outgoing network traffic on 'node'. Then runs testFunc and returns its status.
1103- // At the end (even in case of errors), the network traffic is brought back to normal.
1104- // This function executes commands on a node so it will work only for some
1105- // environments.
1106- func TestUnderTemporaryNetworkFailure (ctx context.Context , c clientset.Interface , ns string , node * v1.Node , testFunc func (ctx context.Context )) {
1107- host , err := e2enode .GetSSHExternalIP (node )
1108- if err != nil {
1109- framework .Failf ("Error getting node external ip : %v" , err )
1110- }
1111- controlPlaneAddresses := framework .GetControlPlaneAddresses (ctx , c )
1112- ginkgo .By (fmt .Sprintf ("block network traffic from node %s to the control plane" , node .Name ))
1113- defer func () {
1114- // This code will execute even if setting the iptables rule failed.
1115- // It is on purpose because we may have an error even if the new rule
1116- // had been inserted. (yes, we could look at the error code and ssh error
1117- // separately, but I prefer to stay on the safe side).
1118- ginkgo .By (fmt .Sprintf ("Unblock network traffic from node %s to the control plane" , node .Name ))
1119- for _ , instanceAddress := range controlPlaneAddresses {
1120- UnblockNetwork (ctx , host , instanceAddress )
1121- }
1122- }()
1123-
1124- framework .Logf ("Waiting %v to ensure node %s is ready before beginning test..." , resizeNodeReadyTimeout , node .Name )
1125- if ! e2enode .WaitConditionToBe (ctx , c , node .Name , v1 .NodeReady , true , resizeNodeReadyTimeout ) {
1126- framework .Failf ("Node %s did not become ready within %v" , node .Name , resizeNodeReadyTimeout )
1127- }
1128- for _ , instanceAddress := range controlPlaneAddresses {
1129- BlockNetwork (ctx , host , instanceAddress )
1130- }
1131-
1132- framework .Logf ("Waiting %v for node %s to be not ready after simulated network failure" , resizeNodeNotReadyTimeout , node .Name )
1133- if ! e2enode .WaitConditionToBe (ctx , c , node .Name , v1 .NodeReady , false , resizeNodeNotReadyTimeout ) {
1134- framework .Failf ("Node %s did not become not-ready within %v" , node .Name , resizeNodeNotReadyTimeout )
1135- }
1136-
1137- testFunc (ctx )
1138- // network traffic is unblocked in a deferred function
1139- }
1140-
1141- // BlockNetwork blocks network between the given from value and the given to value.
1142- // The following helper functions can block/unblock network from source
1143- // host to destination host by manipulating iptable rules.
1144- // This function assumes it can ssh to the source host.
1145- //
1146- // Caution:
1147- // Recommend to input IP instead of hostnames. Using hostnames will cause iptables to
1148- // do a DNS lookup to resolve the name to an IP address, which will
1149- // slow down the test and cause it to fail if DNS is absent or broken.
1150- //
1151- // Suggested usage pattern:
1152- //
1153- // func foo() {
1154- // ...
1155- // defer UnblockNetwork(from, to)
1156- // BlockNetwork(from, to)
1157- // ...
1158- // }
1159- func BlockNetwork (ctx context.Context , from string , to string ) {
1160- framework .Logf ("block network traffic from %s to %s" , from , to )
1161- iptablesRule := fmt .Sprintf ("OUTPUT --destination %s --jump REJECT" , to )
1162- dropCmd := fmt .Sprintf ("sudo iptables --insert %s" , iptablesRule )
1163- if result , err := e2essh .SSH (ctx , dropCmd , from , framework .TestContext .Provider ); result .Code != 0 || err != nil {
1164- e2essh .LogResult (result )
1165- framework .Failf ("Unexpected error: %v" , err )
1166- }
1167- }
1168-
1169- // UnblockNetwork unblocks network between the given from value and the given to value.
1170- func UnblockNetwork (ctx context.Context , from string , to string ) {
1171- framework .Logf ("Unblock network traffic from %s to %s" , from , to )
1172- iptablesRule := fmt .Sprintf ("OUTPUT --destination %s --jump REJECT" , to )
1173- undropCmd := fmt .Sprintf ("sudo iptables --delete %s" , iptablesRule )
1174- // Undrop command may fail if the rule has never been created.
1175- // In such case we just lose 30 seconds, but the cluster is healthy.
1176- // But if the rule had been created and removing it failed, the node is broken and
1177- // not coming back. Subsequent tests will run or fewer nodes (some of the tests
1178- // may fail). Manual intervention is required in such case (recreating the
1179- // cluster solves the problem too).
1180- err := wait .PollUntilContextTimeout (ctx , time .Millisecond * 100 , time .Second * 30 , false , func (ctx context.Context ) (bool , error ) {
1181- result , err := e2essh .SSH (ctx , undropCmd , from , framework .TestContext .Provider )
1182- if result .Code == 0 && err == nil {
1183- return true , nil
1184- }
1185- e2essh .LogResult (result )
1186- if err != nil {
1187- framework .Logf ("Unexpected error: %v" , err )
1188- }
1189- return false , nil
1190- })
1191- if err != nil {
1192- framework .Failf ("Failed to remove the iptable REJECT rule. Manual intervention is " +
1193- "required on host %s: remove rule %s, if exists" , from , iptablesRule )
1194- }
1195- }
1196-
11971101// WaitForService waits until the service appears (exist == true), or disappears (exist == false)
11981102func WaitForService (ctx context.Context , c clientset.Interface , namespace , name string , exist bool , interval , timeout time.Duration ) error {
11991103 err := wait .PollUntilContextTimeout (ctx , interval , timeout , true , func (ctx context.Context ) (bool , error ) {
0 commit comments