* Added locks on request tracker before accessing fields
Unit test StatefulSetAutoDeletePVCEnabled has been
flaking with DATARACE. Added lock on request tracker
before accessing err field.
* Addressed review comments for PR : Added locks on request tracker before accessing fields
The repair loop are great for saving us of leaks, but the side effect
is that bugs can go unnoticed for a long time, so we need some
signal to be able to identify those errors proactivily.
Add two new metrics to identify:
- errors on the reconcile loop
- errors per clusterip
The repair loop are great for saving us of leaks, but the side effect
is that bugs can go unnoticed for a long time, so we need some
signal to be able to identify those errors proactivily.
Add two new metrics to identify:
- errors on the reconcile loop
- errors per nodeport
This change bypasses all logic to set swap in the linux container
resources if a swap controller is not available on node. Failing
to do so may cause errors in runc when starting a container with
a swap configuration -- even if this is set to 0.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
TestLoadBalancer and TestHealthCheckNodePort still had iptables rules
checks, but they also have sufficient runPacketFlowTests checks to
cover everything we care about.
(This leaves only TestOverallIPTablesRules and
TestSyncProxyRulesRepeated using assertIPTablesRulesEqual.)
For consistency with TestExternalTrafficPolicyLocal, test all of the
Cluster external traffic policy cases together here (ensuring that
masquerading happens where needed). Drop the assertIPTablesRulesEqual
test in favor of runPacketFlowTests.
Merge TestOnlyLocalExternalIPs, TestOnlyLocalLoadBalancing, and
TestOnlyLocalNodePorts together into TestExternalTrafficPolicyLocal.
Drop the assertIPTablesRulesEqual tests in favor of
runPacketFlowTests.
Remove TestOnlyLocalNodePortsNoClusterCIDR; the relevant bits of the
"no local detector" case are already fully covered by
TestInternalExternalMasquerade.
Previously we had TestNodePort, which tested basic NodePort behavior,
plus Test{Enable,Disable}LocalhostNodePorts{IPv4,IPv6} to test the
behavior of --localhost-nodeports under IPv4 and IPv6, plus
TestDisableLocalhostNodePortsIPv4WithNodeAddress to test
--nodeport-addresses.
Merge all of these together into TestNodePorts, and use
runPacketFlowTests to check the results rather than
assertIPTablesRulesEqual.
The packet tracer is not full-featured enough to be able to check the
"anti martian packet spoofing" rule, so we check the iptables dump for
that manually.
(This also fixes the --localhost-nodeport tests to use the same IP
ranges as most of the other tests now.)
Merge TestClusterIPReject, TestExternalIPsReject, TestNodePortReject,
and TestLoadBalancerReject into a single test.
Also remove the assertIPTablesRulesEqual tests because the packet flow
tests cover all of the details we care about here.
Create some ClusterIP services and use runPacketFlowTests to test
general functionality:
- normal connection
- hairpin connection
- multiple endpoints
- port != targetPort
- multiple protocols on same port
Remove the assertIPTablesRulesEqual test because the packet flow tests
cover all of the details we care about here.
Previously this was used to assert "something changed since the last
sync", but we already have packet flow tests in all of those cases now
to assert that the *specific* something we care about changed.
Rename TestOverallIPTablesRulesWithMultipleServices to just
TestOverallIPTablesRules, and add one rule type we weren't previously
testing (session affinity).
This change switches to using isCgroup2UnifiedMode locally to ensure
that any mocked function is also used when checking the swap controller
availability.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
