minikube/test/integration/net_test.go

// +build integration

/*
Copyright 2016 The Kubernetes Authors All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package integration

import (
	"bytes"
	"context"
	"fmt"
	"os/exec"
	"path/filepath"
	"strings"
	"testing"
	"time"

	"k8s.io/minikube/pkg/kapi"
	"k8s.io/minikube/pkg/util/retry"
)

// TestCNIFalse checks that minikube returns and error
// if container runtime is "containerd" or "crio"
// and --cni=false
func TestCNIFalse(t *testing.T) {
	cr := ContainerRuntime()
	profile := UniqueProfileName("no-cni-" + cr)
	ctx, cancel := context.WithTimeout(context.Background(), Minutes(1))
	defer CleanupWithLogs(t, profile, cancel)

	startArgs := []string{"start", "-p", profile, "--memory=2048", "--alsologtostderr", "--cni=false", "--container-runtime=" + cr}
	startArgs = append(startArgs, StartArgs()...)
	mkCmd := exec.CommandContext(ctx, Target(), startArgs...)
	rr, err := Run(t, mkCmd)
	if err == nil {
		t.Errorf("%s expected to fail", mkCmd)
	}
	expectedMsg := fmt.Sprintf("The %q container runtime requires CNI", cr)
	if !strings.Contains(rr.Output(), expectedMsg) {
		t.Errorf("Expected %q line not found in output %s", expectedMsg, rr.Output())
	}
}

// TestCNIFalseForce checks that minikube returns not error
// if container runtime is "containerd" or "crio"
// and --cni=false, but --force=true
func TestCNIFalseForce(t *testing.T) {
	cr := ContainerRuntime()
	profile := UniqueProfileName("no-cni-" + cr)
	ctx, cancel := context.WithTimeout(context.Background(), Minutes(1))
	defer CleanupWithLogs(t, profile, cancel)

	startArgs := []string{"start", "-p", profile, "--memory=2048", "--alsologtostderr", "--cni=false", "--container-runtime=" + cr}
	startArgs = append(startArgs, StartArgs()...)
	mkCmd := exec.CommandContext(ctx, Target(), startArgs...)
	rr, err := Run(t, mkCmd)
	if err == nil {
		t.Errorf("%s expected to fail", mkCmd)
	}
	expectedMsg := fmt.Sprintf("You have chosen to disable the CNI but the %q container runtime requires CNI", cr)
	if !strings.Contains(rr.Output(), expectedMsg) {
		t.Errorf("Expected %q line not found in output %s", expectedMsg, rr.Output())
	}
}

// TestNetworkPlugins tests all supported CNI options
// Options tested: kubenet, bridge, flannel, kindnet, calico, cilium
// Flags tested: enable-default-cni (legacy), false (CNI off), auto-detection
func TestNetworkPlugins(t *testing.T) {
	MaybeParallel(t)
	if NoneDriver() {
		t.Skip("skipping since test for none driver")
	}

	t.Run("group", func(t *testing.T) {
		tests := []struct {
			name          string
			args          []string
			kubeletPlugin string
			podLabel      string
			hairpin       bool
		}{
			// for containerd and crio runtimes kindnet CNI is used by default and hairpin is enabled
			{"auto", []string{}, "", "", ContainerRuntime() != "docker"},
			{"kubenet", []string{"--network-plugin=kubenet"}, "kubenet", "", true},
			{"bridge", []string{"--cni=bridge"}, "cni", "", true},
			{"enable-default-cni", []string{"--enable-default-cni=true"}, "cni", "", true},
			{"flannel", []string{"--cni=flannel"}, "cni", "app=flannel", true},
			{"kindnet", []string{"--cni=kindnet"}, "cni", "app=kindnet", true},
			{"false", []string{"--cni=false"}, "", "", false},
			{"custom-weave", []string{fmt.Sprintf("--cni=%s", filepath.Join(*testdataDir, "weavenet.yaml"))}, "cni", "", true},
			{"calico", []string{"--cni=calico"}, "cni", "k8s-app=calico-node", true},
			{"cilium", []string{"--cni=cilium"}, "cni", "k8s-app=cilium", true},
		}

		for _, tc := range tests {
			tc := tc

			t.Run(tc.name, func(t *testing.T) {
				if DockerDriver() && strings.Contains(tc.name, "flannel") {
					t.Skipf("flannel is not yet compatible with Docker driver: iptables v1.8.3 (legacy): Couldn't load target `CNI-x': No such file or directory")
				}

				if ContainerRuntime() != "docker" && tc.name == "false" {
					t.Skipf("skipping the test as CNI is required for container runtime %s", ContainerRuntime())
				}

				if ContainerRuntime() != "docker" && tc.name == "kubenet" {
					// CNI is disabled when --network-plugin=kubenet option is passed. See cni.New(..) function
					// But for containerd/crio CNI has to be configured
					t.Skipf("Skipping the test as %s container runtimes requires CNI", ContainerRuntime())
				}

				start := time.Now()
				MaybeParallel(t)
				profile := UniqueProfileName(tc.name)

				ctx, cancel := context.WithTimeout(context.Background(), Minutes(40))
				defer CleanupWithLogs(t, profile, cancel)

				startArgs := append([]string{"start", "-p", profile, "--memory=2048", "--alsologtostderr", "--wait=true", "--wait-timeout=5m"}, tc.args...)
				startArgs = append(startArgs, StartArgs()...)

				t.Run("Start", func(t *testing.T) {
					_, err := Run(t, exec.CommandContext(ctx, Target(), startArgs...))
					if err != nil {
						t.Fatalf("failed start: %v", err)
					}
				})

				if !t.Failed() && tc.podLabel != "" {
					t.Run("ControllerPod", func(t *testing.T) {
						if _, err := PodWait(ctx, t, profile, "kube-system", tc.podLabel, Minutes(10)); err != nil {
							t.Fatalf("failed waiting for %s labeled pod: %v", tc.podLabel, err)
						}
					})
				}
				if !t.Failed() {
					t.Run("KubeletFlags", func(t *testing.T) {
						var rr *RunResult
						var err error
						if NoneDriver() {
							// none does not support 'minikube ssh'
							rr, err = Run(t, exec.CommandContext(ctx, "pgrep", "-a", "kubelet"))
						} else {
							rr, err = Run(t, exec.CommandContext(ctx, Target(), "ssh", "-p", profile, "pgrep -a kubelet"))
						}
						if err != nil {
							t.Fatalf("ssh failed: %v", err)
						}
						out := rr.Stdout.String()
						verifyKubeletFlagsOutput(t, tc.kubeletPlugin, out)
					})
				}

				if !t.Failed() {
					t.Run("NetCatPod", func(t *testing.T) {
						_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "netcat-deployment.yaml")))
						if err != nil {
							t.Errorf("failed to apply netcat manifest: %v", err)
						}

						client, err := kapi.Client(profile)
						if err != nil {
							t.Fatalf("failed to get Kubernetes client for %s: %v", profile, err)
						}

						if err := kapi.WaitForDeploymentToStabilize(client, "default", "netcat", Minutes(15)); err != nil {
							t.Errorf("failed waiting for netcat deployment to stabilize: %v", err)
						}

						if _, err := PodWait(ctx, t, profile, "default", "app=netcat", Minutes(15)); err != nil {
							t.Fatalf("failed waiting for netcat pod: %v", err)
						}

					})
				}

				if strings.Contains(tc.name, "weave") {
					t.Skipf("skipping remaining tests for weave, as results can be unpredictable")
				}

				if !t.Failed() {
					t.Run("DNS", func(t *testing.T) {
						var rr *RunResult
						var err error

						nslookup := func() error {
							rr, err = Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "nslookup", "kubernetes.default"))
							return err
						}

						// If the coredns process was stable, this retry wouldn't be necessary.
						if err := retry.Expo(nslookup, 1*time.Second, Minutes(6)); err != nil {
							t.Errorf("failed to do nslookup on kubernetes.default: %v", err)
						}

						want := []byte("10.96.0.1")
						if !bytes.Contains(rr.Stdout.Bytes(), want) {
							t.Errorf("failed nslookup: got=%q, want=*%q*", rr.Stdout.Bytes(), want)
						}
					})
				}

				if !t.Failed() {
					t.Run("Localhost", func(t *testing.T) {
						tryLocal := func() error {
							_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "/bin/sh", "-c", "nc -w 5 -i 5 -z localhost 8080"))
							return err
						}

						if err := retry.Expo(tryLocal, 1*time.Second, Seconds(60)); err != nil {
							t.Errorf("failed to connect via localhost: %v", err)
						}
					})
				}

				if !t.Failed() {
					t.Run("HairPin", func(t *testing.T) {
						validateHairpinMode(ctx, t, profile, tc.hairpin)
					})
				}

				t.Logf("%q test finished in %s, failed=%v", tc.name, time.Since(start), t.Failed())
			})
		}
	})
}

// validateHairpinMode makes sure the hairpinning (https://en.wikipedia.org/wiki/Hairpinning) is correctly configured for given CNI
// try to access deployment/netcat pod using external, obtained from 'netcat' service dns resolution, IP address
// should fail if hairpinMode is off
func validateHairpinMode(ctx context.Context, t *testing.T, profile string, hairpin bool) {
	tryHairPin := func() error {
		_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "/bin/sh", "-c", "nc -w 5 -i 5 -z netcat 8080"))
		return err
	}
	if hairpin {
		if err := retry.Expo(tryHairPin, 1*time.Second, Seconds(60)); err != nil {
			t.Errorf("failed to connect via pod host: %v", err)
		}
	} else {
		if tryHairPin() == nil {
			t.Fatalf("hairpin connection unexpectedly succeeded - misconfigured test?")
		}
	}
}

func verifyKubeletFlagsOutput(t *testing.T, kubeletPlugin, out string) {
	if kubeletPlugin == "" {
		if strings.Contains(out, "--network-plugin") && ContainerRuntime() == "docker" {
			t.Errorf("expected no network plug-in, got %s", out)
		}
		if !strings.Contains(out, "--network-plugin=cni") && ContainerRuntime() != "docker" {
			t.Errorf("expected cni network plugin with conatinerd/crio, got %s", out)
		}
	} else if !strings.Contains(out, fmt.Sprintf("--network-plugin=%s", kubeletPlugin)) {
		t.Errorf("expected --network-plugin=%s, got %s", kubeletPlugin, out)
	}
}
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`// +build integration`

			`/*`
			`Copyright 2016 The Kubernetes Authors All rights reserved.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

			`package integration`

			`import (`
			`"bytes"`
			`"context"`
			`"fmt"`
			`"os/exec"`
			`"path/filepath"`
			`"strings"`
			`"testing"`
			`"time"`

			`"k8s.io/minikube/pkg/kapi"`
			`"k8s.io/minikube/pkg/util/retry"`
			`)`

Add integration test 2021-05-19 20:25:42 +00:00			`// TestCNIFalse checks that minikube returns and error`
			`// if container runtime is "containerd" or "crio"`
			`// and --cni=false`
			`func TestCNIFalse(t *testing.T) {`
Update tests 2021-05-20 17:58:38 +00:00			`cr := ContainerRuntime()`
			`profile := UniqueProfileName("no-cni-" + cr)`
			`ctx, cancel := context.WithTimeout(context.Background(), Minutes(1))`
			`defer CleanupWithLogs(t, profile, cancel)`
Add integration test 2021-05-19 20:25:42 +00:00
Update tests 2021-05-20 17:58:38 +00:00			`startArgs := []string{"start", "-p", profile, "--memory=2048", "--alsologtostderr", "--cni=false", "--container-runtime=" + cr}`
			`startArgs = append(startArgs, StartArgs()...)`
			`mkCmd := exec.CommandContext(ctx, Target(), startArgs...)`
			`rr, err := Run(t, mkCmd)`
			`if err == nil {`
			`t.Errorf("%s expected to fail", mkCmd)`
			`}`
			`expectedMsg := fmt.Sprintf("The %q container runtime requires CNI", cr)`
			`if !strings.Contains(rr.Output(), expectedMsg) {`
			`t.Errorf("Expected %q line not found in output %s", expectedMsg, rr.Output())`
update tests 2021-05-19 22:13:21 +00:00			`}`
			`}`

			`// TestCNIFalseForce checks that minikube returns not error`
			`// if container runtime is "containerd" or "crio"`
			`// and --cni=false, but --force=true`
			`func TestCNIFalseForce(t *testing.T) {`
Update tests 2021-05-20 17:58:38 +00:00			`cr := ContainerRuntime()`
			`profile := UniqueProfileName("no-cni-" + cr)`
			`ctx, cancel := context.WithTimeout(context.Background(), Minutes(1))`
			`defer CleanupWithLogs(t, profile, cancel)`
update tests 2021-05-19 22:13:21 +00:00
Update tests 2021-05-20 17:58:38 +00:00			`startArgs := []string{"start", "-p", profile, "--memory=2048", "--alsologtostderr", "--cni=false", "--container-runtime=" + cr}`
			`startArgs = append(startArgs, StartArgs()...)`
			`mkCmd := exec.CommandContext(ctx, Target(), startArgs...)`
			`rr, err := Run(t, mkCmd)`
			`if err == nil {`
			`t.Errorf("%s expected to fail", mkCmd)`
			`}`
			`expectedMsg := fmt.Sprintf("You have chosen to disable the CNI but the %q container runtime requires CNI", cr)`
			`if !strings.Contains(rr.Output(), expectedMsg) {`
			`t.Errorf("Expected %q line not found in output %s", expectedMsg, rr.Output())`
Add integration test 2021-05-19 20:25:42 +00:00			`}`
			`}`

add docs for all integration tests and generate docs with them 2021-04-16 20:42:41 +00:00			`// TestNetworkPlugins tests all supported CNI options`
			`// Options tested: kubenet, bridge, flannel, kindnet, calico, cilium`
			`// Flags tested: enable-default-cni (legacy), false (CNI off), auto-detection`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`func TestNetworkPlugins(t *testing.T) {`
			`MaybeParallel(t)`
Run CNI tests on containerd 2021-01-25 22:51:35 +00:00			`if NoneDriver() {`
			`t.Skip("skipping since test for none driver")`
			`}`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00
			`t.Run("group", func(t *testing.T) {`
			`tests := []struct {`
			`name string`
			`args []string`
			`kubeletPlugin string`
			`podLabel string`
			`hairpin bool`
			`}{`
test for hairpinMode=true for default CNI with containerd and cri-o runtimes 2021-05-11 18:30:47 +00:00			`// for containerd and crio runtimes kindnet CNI is used by default and hairpin is enabled`
			`{"auto", []string{}, "", "", ContainerRuntime() != "docker"},`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`{"kubenet", []string{"--network-plugin=kubenet"}, "kubenet", "", true},`
			`{"bridge", []string{"--cni=bridge"}, "cni", "", true},`
			`{"enable-default-cni", []string{"--enable-default-cni=true"}, "cni", "", true},`
			`{"flannel", []string{"--cni=flannel"}, "cni", "app=flannel", true},`
			`{"kindnet", []string{"--cni=kindnet"}, "cni", "app=kindnet", true},`
			`{"false", []string{"--cni=false"}, "", "", false},`
			`{"custom-weave", []string{fmt.Sprintf("--cni=%s", filepath.Join(*testdataDir, "weavenet.yaml"))}, "cni", "", true},`
Add support for Calico CNI (--cni=calico) 2020-06-26 18:21:15 +00:00			`{"calico", []string{"--cni=calico"}, "cni", "k8s-app=calico-node", true},`
Add support for Cilium CNI (--cni=cilium) 2020-06-26 18:55:30 +00:00			`{"cilium", []string{"--cni=cilium"}, "cni", "k8s-app=cilium", true},`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`}`

			`for _, tc := range tests {`
			`tc := tc`

			`t.Run(tc.name, func(t *testing.T) {`
Skip flannel if Docker, weave hairpin 2020-06-24 16:18:34 +00:00			`if DockerDriver() && strings.Contains(tc.name, "flannel") {`
			t.Skipf("flannel is not yet compatible with Docker driver: iptables v1.8.3 (legacy): Couldn't load target `CNI-x': No such file or directory")
			`}`

fix container runtime check 2021-05-17 22:21:32 +00:00			`if ContainerRuntime() != "docker" && tc.name == "false" {`
Skip network tests with disabled CNI for containerd/crio runtimes 2021-05-12 22:39:53 +00:00			`t.Skipf("skipping the test as CNI is required for container runtime %s", ContainerRuntime())`
			`}`

fix container runtime check 2021-05-17 17:40:51 +00:00			`if ContainerRuntime() != "docker" && tc.name == "kubenet" {`
Add comment 2021-05-14 19:03:05 +00:00			`// CNI is disabled when --network-plugin=kubenet option is passed. See cni.New(..) function`
trigger build 2021-05-14 23:06:17 +00:00			`// But for containerd/crio CNI has to be configured`
Skip network test with kindnet if container runtime is not docker 2021-05-14 17:46:01 +00:00			`t.Skipf("Skipping the test as %s container runtimes requires CNI", ContainerRuntime())`
			`}`

Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`start := time.Now()`
			`MaybeParallel(t)`
			`profile := UniqueProfileName(tc.name)`

Make test timeouts extremely pessimistic 2020-06-24 03:12:19 +00:00			`ctx, cancel := context.WithTimeout(context.Background(), Minutes(40))`
cni testing: Add post-mortem logs, skip DNS tests for weave 2020-06-26 16:54:38 +00:00			`defer CleanupWithLogs(t, profile, cancel)`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00
fix insufficient memory issues 2021-04-08 22:39:12 +00:00			`startArgs := append([]string{"start", "-p", profile, "--memory=2048", "--alsologtostderr", "--wait=true", "--wait-timeout=5m"}, tc.args...)`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`startArgs = append(startArgs, StartArgs()...)`

			`t.Run("Start", func(t *testing.T) {`
			`_, err := Run(t, exec.CommandContext(ctx, Target(), startArgs...))`
			`if err != nil {`
			`t.Fatalf("failed start: %v", err)`
			`}`
			`})`

			`if !t.Failed() && tc.podLabel != "" {`
			`t.Run("ControllerPod", func(t *testing.T) {`
Make test timeouts extremely pessimistic 2020-06-24 03:12:19 +00:00			`if _, err := PodWait(ctx, t, profile, "kube-system", tc.podLabel, Minutes(10)); err != nil {`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`t.Fatalf("failed waiting for %s labeled pod: %v", tc.podLabel, err)`
			`}`
			`})`
			`}`
			`if !t.Failed() {`
			`t.Run("KubeletFlags", func(t *testing.T) {`
Build fix 2021-05-13 17:45:05 +00:00			`var rr *RunResult`
			`var err error`
none CNI: error if portmap plug-in is required but unavailable. Make testable 2020-07-08 21:30:48 +00:00			`if NoneDriver() {`
move comment 2021-05-17 22:11:55 +00:00			`// none does not support 'minikube ssh'`
none CNI: error if portmap plug-in is required but unavailable. Make testable 2020-07-08 21:30:48 +00:00			`rr, err = Run(t, exec.CommandContext(ctx, "pgrep", "-a", "kubelet"))`
Build fix 2021-05-13 17:45:05 +00:00			`} else {`
			`rr, err = Run(t, exec.CommandContext(ctx, Target(), "ssh", "-p", profile, "pgrep -a kubelet"))`
none CNI: error if portmap plug-in is required but unavailable. Make testable 2020-07-08 21:30:48 +00:00			`}`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`if err != nil {`
			`t.Fatalf("ssh failed: %v", err)`
			`}`
			`out := rr.Stdout.String()`
Fix cyclomatic complexity lint error 2021-02-09 22:20:25 +00:00			`verifyKubeletFlagsOutput(t, tc.kubeletPlugin, out)`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`})`
			`}`

			`if !t.Failed() {`
			`t.Run("NetCatPod", func(t *testing.T) {`
			`_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "replace", "--force", "-f", filepath.Join(*testdataDir, "netcat-deployment.yaml")))`
			`if err != nil {`
			`t.Errorf("failed to apply netcat manifest: %v", err)`
			`}`

			`client, err := kapi.Client(profile)`
			`if err != nil {`
			`t.Fatalf("failed to get Kubernetes client for %s: %v", profile, err)`
			`}`

Make test timeouts extremely pessimistic 2020-06-24 03:12:19 +00:00			`if err := kapi.WaitForDeploymentToStabilize(client, "default", "netcat", Minutes(15)); err != nil {`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`t.Errorf("failed waiting for netcat deployment to stabilize: %v", err)`
			`}`

Make test timeouts extremely pessimistic 2020-06-24 03:12:19 +00:00			`if _, err := PodWait(ctx, t, profile, "default", "app=netcat", Minutes(15)); err != nil {`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`t.Fatalf("failed waiting for netcat pod: %v", err)`
			`}`

			`})`
			`}`

cni testing: Add post-mortem logs, skip DNS tests for weave 2020-06-26 16:54:38 +00:00			`if strings.Contains(tc.name, "weave") {`
			`t.Skipf("skipping remaining tests for weave, as results can be unpredictable")`
			`}`

Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`if !t.Failed() {`
			`t.Run("DNS", func(t *testing.T) {`
			`var rr *RunResult`
			`var err error`

			`nslookup := func() error {`
			`rr, err = Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "nslookup", "kubernetes.default"))`
			`return err`
			`}`

			`// If the coredns process was stable, this retry wouldn't be necessary.`
Wait longer for DNS and etcd to come to an agreement 2020-07-17 02:57:14 +00:00			`if err := retry.Expo(nslookup, 1*time.Second, Minutes(6)); err != nil {`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`t.Errorf("failed to do nslookup on kubernetes.default: %v", err)`
			`}`

			`want := []byte("10.96.0.1")`
			`if !bytes.Contains(rr.Stdout.Bytes(), want) {`
			`t.Errorf("failed nslookup: got=%q, want=%q", rr.Stdout.Bytes(), want)`
			`}`
			`})`
			`}`

			`if !t.Failed() {`
			`t.Run("Localhost", func(t *testing.T) {`
			`tryLocal := func() error {`
			`_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "/bin/sh", "-c", "nc -w 5 -i 5 -z localhost 8080"))`
			`return err`
			`}`

Make test timeouts extremely pessimistic 2020-06-24 03:12:19 +00:00			`if err := retry.Expo(tryLocal, 1*time.Second, Seconds(60)); err != nil {`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`t.Errorf("failed to connect via localhost: %v", err)`
			`}`
			`})`
			`}`

			`if !t.Failed() {`
			`t.Run("HairPin", func(t *testing.T) {`
fix comments 2021-05-11 23:59:08 +00:00			`validateHairpinMode(ctx, t, profile, tc.hairpin)`
Add --cni flag, fix --network-plugin=kubenet 2020-06-24 03:10:25 +00:00			`})`
			`}`

			`t.Logf("%q test finished in %s, failed=%v", tc.name, time.Since(start), t.Failed())`
			`})`
			`}`
			`})`
			`}`
Fix cyclomatic complexity lint error 2021-02-09 22:20:25 +00:00
fix comments 2021-05-11 23:59:08 +00:00			`// validateHairpinMode makes sure the hairpinning (https://en.wikipedia.org/wiki/Hairpinning) is correctly configured for given CNI`
			`// try to access deployment/netcat pod using external, obtained from 'netcat' service dns resolution, IP address`
			`// should fail if hairpinMode is off`
			`func validateHairpinMode(ctx context.Context, t *testing.T, profile string, hairpin bool) {`
add comments 2021-05-11 20:12:36 +00:00			`tryHairPin := func() error {`
			`_, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "exec", "deployment/netcat", "--", "/bin/sh", "-c", "nc -w 5 -i 5 -z netcat 8080"))`
			`return err`
			`}`
			`if hairpin {`
			`if err := retry.Expo(tryHairPin, 1*time.Second, Seconds(60)); err != nil {`
			`t.Errorf("failed to connect via pod host: %v", err)`
			`}`
			`} else {`
			`if tryHairPin() == nil {`
			`t.Fatalf("hairpin connection unexpectedly succeeded - misconfigured test?")`
			`}`
			`}`
			`}`

Fix cyclomatic complexity lint error 2021-02-09 22:20:25 +00:00			`func verifyKubeletFlagsOutput(t *testing.T, kubeletPlugin, out string) {`
			`if kubeletPlugin == "" {`
			`if strings.Contains(out, "--network-plugin") && ContainerRuntime() == "docker" {`
			`t.Errorf("expected no network plug-in, got %s", out)`
			`}`
			`if !strings.Contains(out, "--network-plugin=cni") && ContainerRuntime() != "docker" {`
			`t.Errorf("expected cni network plugin with conatinerd/crio, got %s", out)`
			`}`
			`} else if !strings.Contains(out, fmt.Sprintf("--network-plugin=%s", kubeletPlugin)) {`
			`t.Errorf("expected --network-plugin=%s, got %s", kubeletPlugin, out)`
			`}`
			`}`