Merge pull request #97987 from jayunit100/directly_resolve_dns
directly query dns and resolve it in the e2es for windows
This commit is contained in:
		| @@ -18,7 +18,6 @@ package windows | |||||||
|  |  | ||||||
| import ( | import ( | ||||||
| 	"context" | 	"context" | ||||||
| 	"regexp" |  | ||||||
| 	"strings" | 	"strings" | ||||||
|  |  | ||||||
| 	v1 "k8s.io/api/core/v1" | 	v1 "k8s.io/api/core/v1" | ||||||
| @@ -37,58 +36,100 @@ var _ = SIGDescribe("[Feature:Windows] DNS", func() { | |||||||
| 	}) | 	}) | ||||||
|  |  | ||||||
| 	f := framework.NewDefaultFramework("dns") | 	f := framework.NewDefaultFramework("dns") | ||||||
|  |  | ||||||
| 	ginkgo.It("should support configurable pod DNS servers", func() { | 	ginkgo.It("should support configurable pod DNS servers", func() { | ||||||
| 		ginkgo.By("Preparing a test DNS service with injected DNS names...") |  | ||||||
| 		testInjectedIP := "1.1.1.1" |  | ||||||
| 		testSearchPath := "resolv.conf.local" |  | ||||||
|  |  | ||||||
| 		ginkgo.By("Creating a pod with dnsPolicy=None and customized dnsConfig...") | 		ginkgo.By("Getting the IP address of the internal Kubernetes service") | ||||||
| 		testUtilsPod := e2epod.NewAgnhostPod(f.Namespace.Name, "e2e-dns-utils", nil, nil, nil) |  | ||||||
| 		testUtilsPod.Spec.DNSPolicy = v1.DNSNone | 		svc, err := f.ClientSet.CoreV1().Services("kube-system").Get(context.TODO(), "kube-dns", metav1.GetOptions{}) | ||||||
| 		testUtilsPod.Spec.DNSConfig = &v1.PodDNSConfig{ | 		framework.ExpectNoError(err) | ||||||
| 			Nameservers: []string{testInjectedIP}, |  | ||||||
|  | 		ginkgo.By("Preparing a test DNS service with injected DNS names...") | ||||||
|  | 		// the default service IP will vary from cluster to cluster, but will always be present and is a good DNS test target | ||||||
|  | 		testInjectedIP := svc.Spec.ClusterIP | ||||||
|  | 		testSearchPath := "default.svc.cluster.local" | ||||||
|  |  | ||||||
|  | 		ginkgo.By("Creating a windows pod with dnsPolicy=None and customized dnsConfig...") | ||||||
|  | 		testPod := e2epod.NewAgnhostPod(f.Namespace.Name, "e2e-dns-utils", nil, nil, nil) | ||||||
|  | 		testPod.Spec.DNSPolicy = v1.DNSNone | ||||||
|  | 		testPod.Spec.DNSConfig = &v1.PodDNSConfig{ | ||||||
|  | 			Nameservers: []string{testInjectedIP, "1.1.1.1"}, | ||||||
| 			Searches:    []string{testSearchPath}, | 			Searches:    []string{testSearchPath}, | ||||||
| 		} | 		} | ||||||
| 		testUtilsPod.Spec.NodeSelector = map[string]string{ | 		testPod.Spec.NodeSelector = map[string]string{ | ||||||
| 			"kubernetes.io/os": "windows", | 			"kubernetes.io/os": "windows", | ||||||
| 		} | 		} | ||||||
| 		testUtilsPod, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(context.TODO(), testUtilsPod, metav1.CreateOptions{}) | 		testPod, err = f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(context.TODO(), testPod, metav1.CreateOptions{}) | ||||||
| 		framework.ExpectNoError(err) | 		framework.ExpectNoError(err) | ||||||
| 		framework.Logf("Created pod %v", testUtilsPod) |  | ||||||
|  | 		ginkgo.By("confirming that the pod has a windows label") | ||||||
|  | 		framework.ExpectEqual(testPod.Spec.NodeSelector["kubernetes.io/os"], "windows") | ||||||
|  | 		framework.Logf("Created pod %v", testPod) | ||||||
| 		defer func() { | 		defer func() { | ||||||
| 			framework.Logf("Deleting pod %s...", testUtilsPod.Name) | 			framework.Logf("Deleting pod %s...", testPod.Name) | ||||||
| 			if err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Delete(context.TODO(), testUtilsPod.Name, *metav1.NewDeleteOptions(0)); err != nil { | 			if err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Delete(context.TODO(), testPod.Name, *metav1.NewDeleteOptions(0)); err != nil { | ||||||
| 				framework.Failf("Failed to delete pod %s: %v", testUtilsPod.Name, err) | 				framework.Failf("Failed to delete pod %s: %v", testPod.Name, err) | ||||||
| 			} | 			} | ||||||
| 		}() | 		}() | ||||||
| 		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(f.ClientSet, testUtilsPod.Name, f.Namespace.Name), "failed to wait for pod %s to be running", testUtilsPod.Name) | 		framework.ExpectNoError(e2epod.WaitForPodNameRunningInNamespace(f.ClientSet, testPod.Name, f.Namespace.Name), "failed to wait for pod %s to be running", testPod.Name) | ||||||
|  |  | ||||||
| 		ginkgo.By("Verifying customized DNS option is configured on pod...") | 		// This isn't the best 'test' but it is a great diagnostic, see later test for the 'real' test. | ||||||
|  | 		ginkgo.By("Calling ipconfig to get debugging info for this pod's DNS and confirm that a dns server 1.1.1.1 can be injected, along with ") | ||||||
| 		cmd := []string{"ipconfig", "/all"} | 		cmd := []string{"ipconfig", "/all"} | ||||||
| 		stdout, _, err := f.ExecWithOptions(framework.ExecOptions{ | 		stdout, _, err := f.ExecWithOptions(framework.ExecOptions{ | ||||||
| 			Command:       cmd, | 			Command:       cmd, | ||||||
| 			Namespace:     f.Namespace.Name, | 			Namespace:     f.Namespace.Name, | ||||||
| 			PodName:       testUtilsPod.Name, | 			PodName:       testPod.Name, | ||||||
| 			ContainerName: "agnhost-container", | 			ContainerName: "agnhost-container", | ||||||
| 			CaptureStdout: true, | 			CaptureStdout: true, | ||||||
| 			CaptureStderr: true, | 			CaptureStderr: true, | ||||||
| 		}) | 		}) | ||||||
| 		framework.ExpectNoError(err) | 		framework.ExpectNoError(err) | ||||||
|  |  | ||||||
| 		framework.Logf("ipconfig /all:\n%s", stdout) | 		framework.Logf("ipconfig /all:\n%s", stdout) | ||||||
| 		dnsRegex, err := regexp.Compile(`DNS Servers[\s*.]*:(\s*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})+`) |  | ||||||
|  | 		if !strings.Contains(stdout, "1.1.1.1") { | ||||||
|  | 			framework.Failf("One of the custom DNS options 1.1.1.1, not found in ipconfig /all") | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		// We've now verified that the DNS stuff is injected...  now lets make sure that curl'ing 'wrong' endpoints fails, i.e. | ||||||
|  | 		// a negative control, to run before we run our final test... | ||||||
|  |  | ||||||
|  | 		ginkgo.By("Verifying that curl queries FAIL for wrong URLs") | ||||||
|  |  | ||||||
|  | 		// the below tests use curl because nslookup doesnt seem to use ndots properly | ||||||
|  | 		// ideally we'd use the powershell native ResolveDns but, that is not a part of agnhost images (as of k8s 1.20) | ||||||
|  | 		// TODO @jayunit100 add ResolveHost to agn images | ||||||
|  |  | ||||||
|  | 		cmd = []string{"curl.exe", "-k", "https://kubernetezzzzzzzz:443"} | ||||||
|  | 		stdout, _, err = f.ExecWithOptions(framework.ExecOptions{ | ||||||
|  | 			Command:       cmd, | ||||||
|  | 			Namespace:     f.Namespace.Name, | ||||||
|  | 			PodName:       testPod.Name, | ||||||
|  | 			ContainerName: "agnhost-container", | ||||||
|  | 			CaptureStdout: true, | ||||||
|  | 			CaptureStderr: true, | ||||||
|  | 		}) | ||||||
|  | 		if err == nil { | ||||||
|  | 			framework.Logf("Warning: Somehow the curl command succeeded... The output was \n %v", stdout) | ||||||
|  | 			framework.Failf("Expected a bogus URL query to fail - something is wrong with this test harness, cannot proceed.") | ||||||
|  | 		} | ||||||
|  |  | ||||||
|  | 		ginkgo.By("Verifying that injected dns records for 'kubernetes' resolve to the valid ip address") | ||||||
|  | 		cmd = []string{"curl.exe", "-k", "https://kubernetes:443"} | ||||||
|  | 		stdout, _, err = f.ExecWithOptions(framework.ExecOptions{ | ||||||
|  | 			Command:       cmd, | ||||||
|  | 			Namespace:     f.Namespace.Name, | ||||||
|  | 			PodName:       testPod.Name, | ||||||
|  | 			ContainerName: "agnhost-container", | ||||||
|  | 			CaptureStdout: true, | ||||||
|  | 			CaptureStderr: true, | ||||||
|  | 		}) | ||||||
|  | 		framework.Logf("Result of curling the kubernetes service... (Failure ok, only testing for the sake of DNS resolution) %v ... error = %v", stdout, err) | ||||||
|  |  | ||||||
|  | 		// curl returns an error if the host isnt resolved, otherwise, it will return a passing result. | ||||||
|  | 		if err != nil { | ||||||
| 			framework.ExpectNoError(err) | 			framework.ExpectNoError(err) | ||||||
|  |  | ||||||
| 		if dnsRegex.MatchString(stdout) { |  | ||||||
| 			match := dnsRegex.FindString(stdout) |  | ||||||
|  |  | ||||||
| 			if !strings.Contains(match, testInjectedIP) { |  | ||||||
| 				framework.Failf("customized DNS options not found in ipconfig /all, got: %s", match) |  | ||||||
| 			} |  | ||||||
| 		} else { |  | ||||||
| 			framework.Failf("cannot find DNS server info in ipconfig /all output: \n%s", stdout) |  | ||||||
| 		} | 		} | ||||||
|  |  | ||||||
| 		// TODO: Add more test cases for other DNSPolicies. | 		// TODO: Add more test cases for other DNSPolicies. | ||||||
| 	}) | 	}) | ||||||
| }) | }) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user
	 Kubernetes Prow Robot
					Kubernetes Prow Robot