github.phpd.cn/cilium/cilium@v1.6.12/pkg/k8s/service_cache_test.go (about) 1 // Copyright 2018-2019 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // +build !privileged_tests 16 17 package k8s 18 19 import ( 20 "net" 21 "time" 22 23 "github.com/cilium/cilium/pkg/checker" 24 "github.com/cilium/cilium/pkg/k8s/types" 25 "github.com/cilium/cilium/pkg/loadbalancer" 26 "github.com/cilium/cilium/pkg/option" 27 "github.com/cilium/cilium/pkg/service" 28 "github.com/cilium/cilium/pkg/testutils" 29 30 "gopkg.in/check.v1" 31 "k8s.io/api/core/v1" 32 "k8s.io/api/extensions/v1beta1" 33 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 34 "k8s.io/apimachinery/pkg/util/intstr" 35 ) 36 37 func (s *K8sSuite) TestGetUniqueServiceFrontends(c *check.C) { 38 svcID1 := ServiceID{Name: "svc1", Namespace: "default"} 39 svcID2 := ServiceID{Name: "svc2", Namespace: "default"} 40 41 endpoints := Endpoints{ 42 Backends: map[string]service.PortConfiguration{ 43 "3.3.3.3": map[string]*loadbalancer.L4Addr{ 44 "port": { 45 Protocol: loadbalancer.TCP, 46 Port: 80, 47 }, 48 }, 49 }, 50 } 51 52 cache := NewServiceCache() 53 cache.services = map[ServiceID]*Service{ 54 svcID1: { 55 FrontendIP: net.ParseIP("1.1.1.1"), 56 Ports: map[loadbalancer.FEPortName]*loadbalancer.FEPort{ 57 loadbalancer.FEPortName("foo"): { 58 L4Addr: &loadbalancer.L4Addr{ 59 Protocol: loadbalancer.TCP, 60 Port: 10, 61 }, 62 }, 63 loadbalancer.FEPortName("bar"): { 64 L4Addr: &loadbalancer.L4Addr{ 65 Protocol: loadbalancer.TCP, 66 Port: 20, 67 }, 68 }, 69 }, 70 }, 71 svcID2: { 72 FrontendIP: net.ParseIP("2.2.2.2"), 73 Ports: map[loadbalancer.FEPortName]*loadbalancer.FEPort{ 74 loadbalancer.FEPortName("bar"): { 75 L4Addr: &loadbalancer.L4Addr{ 76 Protocol: loadbalancer.UDP, 77 Port: 20, 78 }, 79 }, 80 }, 81 }, 82 } 83 cache.endpoints = map[ServiceID]*Endpoints{ 84 svcID1: &endpoints, 85 svcID2: &endpoints, 86 } 87 88 frontends := cache.UniqueServiceFrontends() 89 c.Assert(frontends, checker.DeepEquals, FrontendList{ 90 "1.1.1.1:10/TCP": {}, 91 "1.1.1.1:20/TCP": {}, 92 "2.2.2.2:20/UDP": {}, 93 }) 94 95 // Validate all frontends as exact matches 96 frontend := loadbalancer.NewL3n4Addr(loadbalancer.TCP, net.ParseIP("1.1.1.1"), 10) 97 c.Assert(frontends.LooseMatch(*frontend), check.Equals, true) 98 frontend = loadbalancer.NewL3n4Addr(loadbalancer.TCP, net.ParseIP("1.1.1.1"), 20) 99 c.Assert(frontends.LooseMatch(*frontend), check.Equals, true) 100 frontend = loadbalancer.NewL3n4Addr(loadbalancer.UDP, net.ParseIP("2.2.2.2"), 20) 101 c.Assert(frontends.LooseMatch(*frontend), check.Equals, true) 102 103 // Validate protocol mismatch on exact match 104 frontend = loadbalancer.NewL3n4Addr(loadbalancer.TCP, net.ParseIP("2.2.2.2"), 20) 105 c.Assert(frontends.LooseMatch(*frontend), check.Equals, false) 106 107 // Validate protocol wildcard matching 108 frontend = loadbalancer.NewL3n4Addr(loadbalancer.NONE, net.ParseIP("2.2.2.2"), 20) 109 c.Assert(frontends.LooseMatch(*frontend), check.Equals, true) 110 frontend = loadbalancer.NewL3n4Addr(loadbalancer.NONE, net.ParseIP("1.1.1.1"), 10) 111 c.Assert(frontends.LooseMatch(*frontend), check.Equals, true) 112 frontend = loadbalancer.NewL3n4Addr(loadbalancer.NONE, net.ParseIP("1.1.1.1"), 20) 113 c.Assert(frontends.LooseMatch(*frontend), check.Equals, true) 114 } 115 116 func (s *K8sSuite) TestServiceCache(c *check.C) { 117 svcCache := NewServiceCache() 118 119 k8sSvc := &types.Service{ 120 Service: &v1.Service{ 121 ObjectMeta: metav1.ObjectMeta{ 122 Name: "foo", 123 Namespace: "bar", 124 Labels: map[string]string{ 125 "foo": "bar", 126 }, 127 }, 128 Spec: v1.ServiceSpec{ 129 ClusterIP: "127.0.0.1", 130 Selector: map[string]string{ 131 "foo": "bar", 132 }, 133 Type: v1.ServiceTypeClusterIP, 134 }, 135 }, 136 } 137 138 svcID := svcCache.UpdateService(k8sSvc) 139 140 time.Sleep(100 * time.Millisecond) 141 142 select { 143 case <-svcCache.Events: 144 c.Error("Unexpected service event received before endpoints have been imported") 145 default: 146 } 147 148 k8sEndpoints := &types.Endpoints{ 149 Endpoints: &v1.Endpoints{ 150 ObjectMeta: metav1.ObjectMeta{ 151 Name: "foo", 152 Namespace: "bar", 153 }, 154 Subsets: []v1.EndpointSubset{ 155 { 156 Addresses: []v1.EndpointAddress{{IP: "2.2.2.2"}}, 157 Ports: []v1.EndpointPort{ 158 { 159 Name: "http-test-svc", 160 Port: 8080, 161 Protocol: v1.ProtocolTCP, 162 }, 163 }, 164 }, 165 }, 166 }, 167 } 168 169 svcCache.UpdateEndpoints(k8sEndpoints) 170 171 // The service should be ready as both service and endpoints have been 172 // imported 173 c.Assert(testutils.WaitUntil(func() bool { 174 event := <-svcCache.Events 175 c.Assert(event.Action, check.Equals, UpdateService) 176 c.Assert(event.ID, check.Equals, svcID) 177 return true 178 }, 2*time.Second), check.IsNil) 179 180 endpoints, ready := svcCache.correlateEndpoints(svcID) 181 c.Assert(ready, check.Equals, true) 182 c.Assert(endpoints.String(), check.Equals, "2.2.2.2:8080/TCP") 183 184 // Updating the service without chaning it should not result in an event 185 svcCache.UpdateService(k8sSvc) 186 time.Sleep(100 * time.Millisecond) 187 select { 188 case <-svcCache.Events: 189 c.Error("Unexpected service event received for unchanged service object") 190 default: 191 } 192 193 // Deleting the service will result in a service delete event 194 svcCache.DeleteService(k8sSvc) 195 c.Assert(testutils.WaitUntil(func() bool { 196 event := <-svcCache.Events 197 c.Assert(event.Action, check.Equals, DeleteService) 198 c.Assert(event.ID, check.Equals, svcID) 199 return true 200 }, 2*time.Second), check.IsNil) 201 202 // Reinserting the service should re-match with the still existing endpoints 203 svcCache.UpdateService(k8sSvc) 204 c.Assert(testutils.WaitUntil(func() bool { 205 event := <-svcCache.Events 206 c.Assert(event.Action, check.Equals, UpdateService) 207 c.Assert(event.ID, check.Equals, svcID) 208 return true 209 }, 2*time.Second), check.IsNil) 210 211 // Deleting the endpoints will result in a service update event 212 svcCache.DeleteEndpoints(k8sEndpoints) 213 c.Assert(testutils.WaitUntil(func() bool { 214 event := <-svcCache.Events 215 c.Assert(event.Action, check.Equals, UpdateService) 216 c.Assert(event.ID, check.Equals, svcID) 217 return true 218 }, 2*time.Second), check.IsNil) 219 220 endpoints, serviceReady := svcCache.correlateEndpoints(svcID) 221 c.Assert(serviceReady, check.Equals, false) 222 c.Assert(endpoints.String(), check.Equals, "") 223 224 // Reinserting the endpoints should re-match with the still existing service 225 svcCache.UpdateEndpoints(k8sEndpoints) 226 c.Assert(testutils.WaitUntil(func() bool { 227 event := <-svcCache.Events 228 c.Assert(event.Action, check.Equals, UpdateService) 229 c.Assert(event.ID, check.Equals, svcID) 230 return true 231 }, 2*time.Second), check.IsNil) 232 233 endpoints, serviceReady = svcCache.correlateEndpoints(svcID) 234 c.Assert(serviceReady, check.Equals, true) 235 c.Assert(endpoints.String(), check.Equals, "2.2.2.2:8080/TCP") 236 237 // Deleting the service will result in a service delete event 238 svcCache.DeleteService(k8sSvc) 239 c.Assert(testutils.WaitUntil(func() bool { 240 event := <-svcCache.Events 241 c.Assert(event.Action, check.Equals, DeleteService) 242 c.Assert(event.ID, check.Equals, svcID) 243 return true 244 }, 2*time.Second), check.IsNil) 245 246 // Deleting the endpoints will not emit an event as the notification 247 // was sent out when the service was deleted. 248 svcCache.DeleteEndpoints(k8sEndpoints) 249 time.Sleep(100 * time.Millisecond) 250 select { 251 case <-svcCache.Events: 252 c.Error("Unexpected service delete event received") 253 default: 254 } 255 256 k8sIngress := &types.Ingress{ 257 Ingress: &v1beta1.Ingress{ 258 ObjectMeta: metav1.ObjectMeta{ 259 Namespace: "bar", 260 }, 261 Spec: v1beta1.IngressSpec{ 262 Backend: &v1beta1.IngressBackend{ 263 ServiceName: "svc1", 264 ServicePort: intstr.IntOrString{ 265 IntVal: 8080, 266 StrVal: "foo", 267 Type: intstr.Int, 268 }, 269 }, 270 }, 271 }, 272 } 273 ingressID, err := svcCache.UpdateIngress(k8sIngress, net.ParseIP("1.1.1.1")) 274 c.Assert(err, check.IsNil) 275 276 c.Assert(testutils.WaitUntil(func() bool { 277 event := <-svcCache.Events 278 c.Assert(event.Action, check.Equals, UpdateIngress) 279 c.Assert(event.ID, check.Equals, ingressID) 280 return true 281 }, 2*time.Second), check.IsNil) 282 283 // Updating the ingress without changes should not result in an event 284 _, err = svcCache.UpdateIngress(k8sIngress, net.ParseIP("1.1.1.1")) 285 c.Assert(err, check.IsNil) 286 time.Sleep(100 * time.Millisecond) 287 select { 288 case <-svcCache.Events: 289 c.Error("Unexpected ingress event received for unchanged ingress object") 290 default: 291 } 292 293 // Deleting the ingress resource will emit a delete event 294 svcCache.DeleteIngress(k8sIngress) 295 c.Assert(testutils.WaitUntil(func() bool { 296 event := <-svcCache.Events 297 c.Assert(event.Action, check.Equals, DeleteIngress) 298 c.Assert(event.ID, check.Equals, ingressID) 299 return true 300 }, 2*time.Second), check.IsNil) 301 } 302 303 func (s *K8sSuite) TestCacheActionString(c *check.C) { 304 c.Assert(UpdateService.String(), check.Equals, "service-updated") 305 c.Assert(DeleteService.String(), check.Equals, "service-deleted") 306 c.Assert(UpdateIngress.String(), check.Equals, "ingress-updated") 307 c.Assert(DeleteIngress.String(), check.Equals, "ingress-deleted") 308 } 309 310 func (s *K8sSuite) TestServiceMerging(c *check.C) { 311 svcCache := NewServiceCache() 312 313 k8sSvc := &types.Service{ 314 Service: &v1.Service{ 315 ObjectMeta: metav1.ObjectMeta{ 316 Name: "foo", 317 Namespace: "bar", 318 Annotations: map[string]string{ 319 "io.cilium/global-service": "true", 320 }, 321 }, 322 Spec: v1.ServiceSpec{ 323 ClusterIP: "127.0.0.1", 324 Type: v1.ServiceTypeClusterIP, 325 Ports: []v1.ServicePort{ 326 { 327 Name: "foo", 328 Protocol: v1.ProtocolTCP, 329 Port: 80, 330 }, 331 }, 332 }, 333 }, 334 } 335 336 svcID := svcCache.UpdateService(k8sSvc) 337 338 k8sEndpoints := &types.Endpoints{ 339 Endpoints: &v1.Endpoints{ 340 ObjectMeta: metav1.ObjectMeta{ 341 Name: "foo", 342 Namespace: "bar", 343 }, 344 Subsets: []v1.EndpointSubset{ 345 { 346 Addresses: []v1.EndpointAddress{{IP: "2.2.2.2"}}, 347 Ports: []v1.EndpointPort{ 348 { 349 Name: "http-test-svc", 350 Port: 8080, 351 Protocol: v1.ProtocolTCP, 352 }, 353 }, 354 }, 355 }, 356 }, 357 } 358 359 svcCache.UpdateEndpoints(k8sEndpoints) 360 361 // The service should be ready as both service and endpoints have been 362 // imported 363 c.Assert(testutils.WaitUntil(func() bool { 364 event := <-svcCache.Events 365 c.Assert(event.Action, check.Equals, UpdateService) 366 c.Assert(event.ID, check.Equals, svcID) 367 return true 368 }, 2*time.Second), check.IsNil) 369 370 // Merging a service update with own cluster name must not result in update 371 svcCache.MergeExternalServiceUpdate(&service.ClusterService{ 372 Cluster: option.Config.ClusterName, 373 Namespace: "bar", 374 Name: "foo", 375 Frontends: map[string]service.PortConfiguration{ 376 "1.1.1.1": {}, 377 }, 378 Backends: map[string]service.PortConfiguration{ 379 "3.3.3.3": map[string]*loadbalancer.L4Addr{ 380 "port": {Protocol: loadbalancer.TCP, Port: 80}, 381 }, 382 }, 383 }) 384 385 time.Sleep(100 * time.Millisecond) 386 387 select { 388 case <-svcCache.Events: 389 c.Error("Unexpected service event received") 390 default: 391 } 392 393 svcCache.MergeExternalServiceUpdate(&service.ClusterService{ 394 Cluster: "cluster1", 395 Namespace: "bar", 396 Name: "foo", 397 Frontends: map[string]service.PortConfiguration{ 398 "1.1.1.1": {}, 399 }, 400 Backends: map[string]service.PortConfiguration{ 401 "3.3.3.3": map[string]*loadbalancer.L4Addr{ 402 "port": {Protocol: loadbalancer.TCP, Port: 80}, 403 }, 404 }, 405 }) 406 407 // Adding remote endpoints will trigger a service update 408 c.Assert(testutils.WaitUntil(func() bool { 409 event := <-svcCache.Events 410 c.Assert(event.Action, check.Equals, UpdateService) 411 c.Assert(event.ID, check.Equals, svcID) 412 413 c.Assert(event.Endpoints.Backends["2.2.2.2"], checker.DeepEquals, service.PortConfiguration{ 414 "http-test-svc": {Protocol: loadbalancer.TCP, Port: 8080}, 415 }) 416 417 c.Assert(event.Endpoints.Backends["3.3.3.3"], checker.DeepEquals, service.PortConfiguration{ 418 "port": {Protocol: loadbalancer.TCP, Port: 80}, 419 }) 420 421 return true 422 }, 2*time.Second), check.IsNil) 423 424 // Merging a service for another name should not trigger any updates 425 svcCache.MergeExternalServiceUpdate(&service.ClusterService{ 426 Cluster: "cluster", 427 Namespace: "bar", 428 Name: "foo2", 429 Frontends: map[string]service.PortConfiguration{ 430 "1.1.1.1": {}, 431 }, 432 Backends: map[string]service.PortConfiguration{ 433 "3.3.3.3": map[string]*loadbalancer.L4Addr{ 434 "port": {Protocol: loadbalancer.TCP, Port: 80}, 435 }, 436 }, 437 }) 438 439 time.Sleep(100 * time.Millisecond) 440 441 select { 442 case <-svcCache.Events: 443 c.Error("Unexpected service event received") 444 default: 445 } 446 447 // Adding the service later must trigger an update 448 svcID2 := svcCache.UpdateService(&types.Service{ 449 Service: &v1.Service{ 450 ObjectMeta: metav1.ObjectMeta{ 451 Name: "foo2", 452 Namespace: "bar", 453 Labels: map[string]string{ 454 "foo": "bar", 455 }, 456 Annotations: map[string]string{ 457 "io.cilium/global-service": "true", 458 }, 459 }, 460 Spec: v1.ServiceSpec{ 461 ClusterIP: "127.0.0.2", 462 Selector: map[string]string{ 463 "foo": "bar", 464 }, 465 Type: v1.ServiceTypeClusterIP, 466 }, 467 }, 468 }) 469 470 c.Assert(testutils.WaitUntil(func() bool { 471 event := <-svcCache.Events 472 c.Assert(event.Action, check.Equals, UpdateService) 473 c.Assert(event.ID, check.Equals, svcID2) 474 return true 475 }, 2*time.Second), check.IsNil) 476 477 cluster2svc := &service.ClusterService{ 478 Cluster: "cluster2", 479 Namespace: "bar", 480 Name: "foo", 481 Frontends: map[string]service.PortConfiguration{ 482 "1.1.1.1": {}, 483 }, 484 Backends: map[string]service.PortConfiguration{ 485 "4.4.4.4": map[string]*loadbalancer.L4Addr{ 486 "port": {Protocol: loadbalancer.TCP, Port: 80}, 487 }, 488 }, 489 } 490 491 // Adding another cluster to the first service will triger an event 492 svcCache.MergeExternalServiceUpdate(cluster2svc) 493 c.Assert(testutils.WaitUntil(func() bool { 494 event := <-svcCache.Events 495 c.Assert(event.Action, check.Equals, UpdateService) 496 497 c.Assert(event.Endpoints.Backends["4.4.4.4"], checker.DeepEquals, service.PortConfiguration{ 498 "port": {Protocol: loadbalancer.TCP, Port: 80}, 499 }) 500 501 return true 502 }, 2*time.Second), check.IsNil) 503 504 svcCache.MergeExternalServiceDelete(cluster2svc) 505 c.Assert(testutils.WaitUntil(func() bool { 506 event := <-svcCache.Events 507 c.Assert(event.Action, check.Equals, UpdateService) 508 c.Assert(event.Endpoints.Backends["4.4.4.4"], check.IsNil) 509 return true 510 }, 2*time.Second), check.IsNil) 511 512 // Deletion of the service frontend will trigger the delete notification 513 svcCache.DeleteService(k8sSvc) 514 c.Assert(testutils.WaitUntil(func() bool { 515 event := <-svcCache.Events 516 c.Assert(event.Action, check.Equals, DeleteService) 517 c.Assert(event.ID, check.Equals, svcID) 518 return true 519 }, 2*time.Second), check.IsNil) 520 521 // When readding the service, the remote endpoints of cluster1 must still be present 522 svcCache.UpdateService(k8sSvc) 523 c.Assert(testutils.WaitUntil(func() bool { 524 event := <-svcCache.Events 525 c.Assert(event.Action, check.Equals, UpdateService) 526 c.Assert(event.ID, check.Equals, svcID) 527 c.Assert(event.Endpoints.Backends["3.3.3.3"], checker.DeepEquals, service.PortConfiguration{ 528 "port": {Protocol: loadbalancer.TCP, Port: 80}, 529 }) 530 return true 531 }, 2*time.Second), check.IsNil) 532 533 k8sSvcID, _ := ParseService(k8sSvc) 534 addresses := svcCache.GetServiceIP(k8sSvcID) 535 c.Assert(addresses, checker.DeepEquals, loadbalancer.NewL3n4Addr(loadbalancer.TCP, net.ParseIP("127.0.0.1"), 80)) 536 } 537 538 func (s *K8sSuite) TestNonSharedServie(c *check.C) { 539 svcCache := NewServiceCache() 540 541 k8sSvc := &types.Service{ 542 Service: &v1.Service{ 543 ObjectMeta: metav1.ObjectMeta{ 544 Name: "foo", 545 Namespace: "bar", 546 Annotations: map[string]string{ 547 "io.cilium/global-service": "false", 548 }, 549 }, 550 Spec: v1.ServiceSpec{ 551 ClusterIP: "127.0.0.1", 552 Type: v1.ServiceTypeClusterIP, 553 }, 554 }, 555 } 556 557 svcCache.UpdateService(k8sSvc) 558 559 svcCache.MergeExternalServiceUpdate(&service.ClusterService{ 560 Cluster: "cluster1", 561 Namespace: "bar", 562 Name: "foo", 563 Backends: map[string]service.PortConfiguration{ 564 "3.3.3.3": map[string]*loadbalancer.L4Addr{ 565 "port": {Protocol: loadbalancer.TCP, Port: 80}, 566 }, 567 }, 568 }) 569 570 // The service is unshared, it should not trigger an update 571 time.Sleep(100 * time.Millisecond) 572 573 select { 574 case <-svcCache.Events: 575 c.Error("Unexpected service event received") 576 default: 577 } 578 }