OnlyLocal nodeports #33587

I guess I should write an e2e as well

Jenkins GCI GKE smoke e2e failed for commit 554e649d10cc19be6159a7b398eae22cd7e1d6c0. Full PR test history. The magic incantation to run this job again is
| localEndpointChains = append(localEndpointChains, endpointChains[i]) | ||
| } | ||
| } | ||
| // First rule in the chain redirects all pod -> external vip traffic to the |
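Review bot: the comment on the last line, "First rule in the chain redirects all pod -> external vip traffic to the", does not say how pod traffic is identified or why it is exempt from the filtering just above, where only selected entries of endpointChains are appended to localEndpointChains. Please state the match condition for this rule in the comment, and if the rule sends traffic to the full set of endpoints rather than only those in localEndpointChains, say so explicitly, so a reader can check that it cannot match traffic from external clients.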
I do not understand this rule. If you jump to the KUBE-SVC chain from the KUBE-XLB chain, then it may reach any backend pods, right?

Oh I see the bug now. You want to allow pods on the node to access the LB.

LGTM cherry pick it for 1.4? Or since it is alpha, do not care.

@bprashanth you mentioned that this might partially fix #33081. Which part does this fix?

@kdima the blackholing part. You just get dnatted to your endpoints, not out to the public lb and back down to your endpoints.

@bprashanth

554e649 to 06cbb36

@kdima thanks!

I didn't actually change anything, just rebased, so I'm re-applying lgtm

Jenkins GKE smoke e2e failed for commit 06cbb36. Full PR test history. The magic incantation to run this job again is

I would say the failure is from this pr at this point but I've seen identical failures across the board.

Jenkins unit/integration failed for commit 06cbb36. Full PR test history. The magic incantation to run this job again is

This change is the prime suspect for a drastic increase in flakiness of the

Automatic merge from submit-queue

Remove onlyLocal NodePort e2e till pr #33957

We were basically testing this bug: #30809
We fixed the bug: #33587, but forgot to remove the "test".
This pr adds a test for the new feature: #33957 (ensure that nodePort with onlyLocal works only on nodes with endpoints and fails otherwise)

fixes #34124

90% unittests.
Code changes:
NodePorts still don't get firewalls: #33586