This patch fixes a scenario where the LB or pool ID is not available
while attempting to reconcile members.
Change-Id: I3d6e09f0a17228994032eba2fecf9f7663e6cf14
This commit extends the load balancer reconciliation tempest
test to cover the case where the listeners are deleted on OpenStack.
Implements: blueprint reconcile-openstack-resources-with-k8s
Change-Id: If14b468e9a5f7d2c1492881d5a75ac8807030c4e
It seems the developers of the Python kubernetes client have moved
ApiException around. The backward-compatible way of using it is
kubernetes.client.rest.ApiException; trying to use it as
kubernetes.client.exceptions.ApiException will not work with older library
versions. As this client is supposed to still be compatible with
stable/victoria and kubernetes==11.0.0, this commit changes the
exception module to `rest` where needed.
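A minimal sketch of the backward-compatible usage (the pod lookup below is
just an illustration, not the plugin's code):

    from kubernetes import client, config
    # kubernetes.client.rest.ApiException exists both in kubernetes==11.0.0
    # and in newer releases; kubernetes.client.exceptions only appeared later.
    from kubernetes.client.rest import ApiException

    config.load_kube_config()
    try:
        client.CoreV1Api().read_namespaced_pod('demo-pod', 'default')
    except ApiException as exc:
        if exc.status != 404:
            raise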
Change-Id: If056529d49a053970891f89d12007174f544a551
During execution an UnboundLocalError may be thrown for the crd_lb_ip
variable when the condition for the service IP being set in the
KuryrLoadbalancer CRD is not met. Fixed by simply defining the variable
up front.
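A minimal sketch of the pattern behind the fix (the CRD field names and the
helper are illustrative, not the exact test code):

    def get_crd_lb_ip(kuryr_lb_crd):
        """Return the LB IP from a KuryrLoadbalancer CRD dict, or None."""
        crd_lb_ip = None  # defined up front, so no UnboundLocalError later
        lb_status = kuryr_lb_crd.get('status', {}).get('loadbalancer', {})
        if lb_status.get('ip'):
            crd_lb_ip = lb_status['ip']
        return crd_lb_ip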
Change-Id: Ie879ba0b9b85111ec1b906d66ec48127ce8dd1f9
In test_kuryr_restart, use a single pod to check connectivity to the
created pods instead of assigning a FIP to each created pod. This avoids
problems when there is a shortage of floating IPs.
Also, don't fail on deletion of a pod in cleanup if it's not found.
Change-Id: I55a33f88356ff3d1ef6ed0ce83bb102172e46023
Set an initial value for the kns_crd dictionary in order to avoid the
unhandled error `UnboundLocalError: local variable 'kns_crd'
referenced before assignment` when the timeout_period is
reached.
Change-Id: I20f9c2400dd0ecf0171f02d7cfd3fc10923f4d18
When testing UDP connectivity to a Service we use ncat with the `-w 5`
option, which sets the connection timeout to 5 seconds. However, our
`exec_command_in_pod()` method runs in async mode and defaults the
timeout to wait for completion to just 2 seconds. These values conflict:
if the UDP server on the pod is slow for some reason, the request is
terminated before it completes, leaving stdout and stderr empty, so we
don't even log the error response.
This commit bumps that timeout to 10 seconds to give the pod time to
actually respond. The timeout is bumped for all the checks, as we've seen
this happening with SCTP tests as well and it likely has the
same cause.
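A standalone illustration of the mismatch, using subprocess instead of the
plugin's exec_command_in_pod() helper (IP and port are placeholders):

    import subprocess

    SVC_IP, PORT = '10.0.0.10', 90  # placeholders
    # ncat itself waits up to 5 seconds for the UDP reply (-w 5), so cutting
    # the caller off after 2 seconds leaves stdout and stderr empty; the
    # completion timeout has to exceed ncat's own timeout.
    cmd = ['sh', '-c', f'echo hello | nc -u -w 5 {SVC_IP} {PORT}']
    subprocess.run(cmd, capture_output=True, timeout=10)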
Change-Id: I303b87d01496cf7353b2b8b699e0dce598e032ab
That support is long gone from kuryr-kubernetes and this commit removes
the tests that are no longer needed.
Change-Id: I3593285d09ecde0c2bdc14805adc39630a592a49
As the K8s client logs every response to every request, we're starting
to hit tox' or Zuul's log size limit. This commit attempts to limit the
number of requests by making sure that for status checks we iterate over
a list of pods instead of calling the API for every pod. Moreover, many
`time.sleep()` occurrences are modified to reduce the number of requests
made.
Change-Id: Ifc2dfce2405429bbcae8c01f13f06d4e9fae9c8a
This test case automates the issue described in
BZ https://bugzilla.redhat.com/show_bug.cgi?id=1980957.
The new test case:
- creates a deployment with a failing readiness probe, so that none of
  the pods become ready (a probe sketch follows this list)
- creates a service for the deployment (whose endpoints
  are not ready)
- checks that the Kuryr pods are not restarted
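A sketch of such a probe as a plain container-spec snippet (illustrative
only; the test may build its manifest differently):

    # A readiness probe that can never succeed, so the deployment's pods
    # stay NotReady and the Service endpoints remain unready.
    failing_readiness_probe = {
        'exec': {'command': ['/bin/false']},
        'periodSeconds': 5,
        'failureThreshold': 1,
    }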
Change-Id: Id19f85625901b35900f9441aace8fe8938cb1d68
The test test_egress_np_to_service_wo_selector is failing in some
environments when checking the connectivity to services (before
the NP is applied). The endpoints are defined in kuryrloadbalancers
objects but the connectivity is not working.
This change adds the method wait_until_service_LB_is_active() and
calls it in that test before checking the connectivity to the
services.
Change-Id: I41cec1ea1db43e2fbeb0bf6d5fafb84c87e77d1c
For svc and route endpoint connectivity checks there is a repetition
parameter that can be tuned to be proportional to the expected number
of distinct endpoint responses.
Ten repetitions per expected backend seems to be enough, and it saves
significant test execution time.
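In other words, the check count can simply scale with the backend count;
a hypothetical sketch, not the plugin's exact helper:

    REPETITIONS_PER_BACKEND = 10  # empirically enough to see each backend

    def get_repetitions(expected_backends):
        """Scale the number of connectivity checks with the backend count."""
        return REPETITIONS_PER_BACKEND * expected_backends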
Change-Id: Id9e6389bfafc89a4d407952ee0625a932b51ef38
The method has a status parameter, but it is not used to compare with
the obtained status; 'Running' is always used instead.
This change replaces the hardcoded status with the status parameter.
Change-Id: I7c716dd11f4ed14a31fd5d5aa4706db136cbbeed
Using the CONF.kuryr_kubernetes.lb_build_timeout config option instead
of the LB_TIMEOUT constant allows modifying the LB creation timeout for
different environments where the LB creation time can vary
significantly.
Remove LB_RECONCILE_TIMEOUT as well, in favor of a new config option
CONF.kuryr_kubernetes.lb_reconcile_timeout.
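A hedged sketch of how such options could be registered with oslo.config
(defaults and help strings are illustrative, not the plugin's actual values):

    from oslo_config import cfg

    kuryr_k8s_opts = [
        cfg.IntOpt('lb_build_timeout', default=1000,
                   help='Seconds to wait for a load balancer to be built'),
        cfg.IntOpt('lb_reconcile_timeout', default=600,
                   help='Seconds to wait for a load balancer to be reconciled'),
    ]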
Change-Id: Id1eb72c294abd6a2e5111bd0c7f97e311969b698
Remove the usage of bool() as it wasn't behaving as expected:
bool("False") returns True instead of False.
The get_readiness_state() method was returning a string when
container_name wasn't None; it's been changed to return a boolean
instead. The container.ready param is already a boolean, but
condition.status is a string.
Also increase the timeout waiting for pods to be ready after scaling in
the scale_deployment() method.
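For reference, the pitfall and an illustrative way around it (to_bool is
a hypothetical helper, not the plugin's code):

    # Any non-empty string is truthy, so bool() cannot parse the
    # "True"/"False" strings the API returns in condition.status.
    assert bool("False") is True
    assert bool("") is False

    def to_bool(value):
        # Accept a real boolean (container.ready) or a "True"/"False"
        # string (condition.status) and return a boolean either way.
        return value if isinstance(value, bool) else value == "True"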
Change-Id: Ie64f868b877ca4c9f1ff8916360638f013fc2926
For some unknown reason kubernetes==21.7.0 renamed V1EndpointPort to
CoreV1EndpointPort, while the other V1Endpoint* classes didn't get the
prefix. This seems like a bug, but in order to deal with it, this patch
adds a fallback to the new name.
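A minimal sketch of such a fallback, assuming only the rename described
above:

    from kubernetes import client as k8s_client

    try:
        # kubernetes>=21.7.0 exposes the renamed class.
        EndpointPort = k8s_client.CoreV1EndpointPort
    except AttributeError:
        # Older releases only have the original name.
        EndpointPort = k8s_client.V1EndpointPort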
Change-Id: I4c38c09faba99c8ca56abc0a32bc421011f9b2dd
Clean up the get_pod_readiness() method definition and replace a reference
to get_pod_readiness() with get_container_readiness().
Change-Id: Icf2b7b99d5142298bd9a11d79ae05e83932d270a
When load balancer reconciliation is triggered, besides checking
that the current LB ID differs from the previous one, the LB members
should also be configured. This commit enforces the existence of the
LB members. It also checks that the load balancer is ACTIVE before
checking connectivity.
Note that it also removes the tempest gates to avoid
a circular dependency.
Change-Id: I64d8596f8d0504eeb898d40be7a11aa6635bca17
To avoid Tempest complaining about the length of the logs and failing
the job even when all the tests have passed, sleeps need to be included
between API iterations.
Change-Id: I61f08125391f4a9d6f9c7befb53cb1e6f493a5c7
With the handling of Namespaces now depending on Pod creation, the
tempest tests need to be updated to account for that.
Change-Id: Id0879f128ca8c057ea6ec540fec0e76d656e7b13
- Create a deployment and a service
- Scale the deployment and check that the LB member count equals the
  deployment replicas
- Scale the deployment to 0 and check that there are no LB members
Depends-On: Idb879245607a6f0f914a44220312d54aa40e2e3d
Change-Id: Ic1db03ea52d3796f669ec8e5a88b5da2481c0150
This adds a simple test checking traffic from service pods, through the
service and back to that service. This is a regression test related to
the problem with OVN changing the source IP for such traffic.
Depends-On: I7e0458c4071e4a43ab4d158429e05c67cd897a3c
Change-Id: I45e7c6b9a114283cf469472cbe867b343fe4c738
Related-Bug: 1923452
With the recent change on tempest[1] making the
_create_security_group method non-private, we should
adjust our tests to do the same.
[1] d9021ee302
Change-Id: Iff0b038b2887d51ff10b04cf0c8c2929199ddfc5
This patch adds a new test to check SCTP connectivity from pods.
The 'create_setup_for_service_test' and 'assert_backend_amount_from_pod'
functions were also extended to support SCTP services. The kuryr-sctp
application was also extended to support connections with the IPv6 address
family.
Partially-Implements: blueprint sctp-support
Change-Id: Ic63a2807238d3d879bb172d74b05bada2399f07f
test_port_pool fails, seemingly because it takes time for the Kuryr
controller to become ready.
Change-Id: I56a9e8aad87e2281ccae22ed7f66538990e740a3
To ensure that connectivity is working we need a new tempest test which
creates a service without selectors, creates the endpoints, and checks
the connectivity to the endpoints.
Depends-On: Ia6404c22132af3a17ce865c4f33a57b2b6832e9f
Change-Id: I07f24bb754f2dde24fe47b340ebec04440ff3890
Lately, docker.io started to limit their resources[1], which is becoming
annoying both for usual development and for test runs by CI systems.
Although our image is tiny, we can still observe the limits being hit.
Let's move to quay.io.
[1] https://www.docker.com/increase-rate-limit
Change-Id: I32af39344cb3e590a13bd07b64227d8acab6ccd0
exec_command_in_pod was hanging from time to time, so we set a 10-second
timeout waiting for a response from it. This might be too little, as we
very often see empty responses being returned. This commit attempts to
solve the issue by setting the default timeout to 60 seconds.
Also, the method used is changed from connect_get_namespaced_pod_exec to
connect_post_namespaced_pod_exec. This is what `kubectl` uses to
perform `exec`, so hopefully it'll be more reliable.
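A hedged sketch of the POST-based exec call through the upstream client's
stream helper (pod and namespace names are placeholders; this is not the
plugin's exact helper):

    from kubernetes import client, config
    from kubernetes.stream import stream

    config.load_kube_config()
    api = client.CoreV1Api()

    # kubectl performs exec through a POST request, hence
    # connect_post_namespaced_pod_exec rather than the GET variant.
    output = stream(
        api.connect_post_namespaced_pod_exec,
        'demo-pod', 'default',
        command=['/bin/sh', '-c', 'echo hello'],
        stderr=True, stdin=False, stdout=True, tty=False)
    print(output)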
Depends-On: I3bbac8e90553be9424fa0ecdb4c05e096da8f2d7
Change-Id: I49ac4d066a0bd0da3833dcbf41655f7c9e374fd9
- Create a service and check connectivity to the service
- Create network policies with a podSelector matching the labels of the
  pods in the service as well as of the tester pod, and check connectivity
  to the service
- Delete one of the service pods and create a new one
- Check connectivity to the service and verify that only one pod answers
- Create a new pod with the same label as the one we deleted
- Check connectivity to the service, expecting two pods answering
Also adds an option to create_network_policy to apply a rule allowing
traffic only from pods with specific labels.
Change-Id: Ibf8113d9667c02a1b6d080aa50e91fde0809fd75
Depends-On: If23b311ed07578b3fbe85f46aa4a314e6a05b7f3