Filter pods that have out of range IP

Filter pods have IPs outside of the corresponding nodes' IP ranges.
kubernetes · Mar 14, 2023 · ef87f23 · ef87f23
1 parent 238eda1
commit ef87f23
Showing 1 changed file with 64 additions and 15 deletions.
diff --git a/pkg/neg/syncers/utils_test.go b/pkg/neg/syncers/utils_test.go
@@ -25,7 +25,6 @@ import (
 
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
 	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta"
-	corev1 "k8s.io/api/core/v1"
 	v1 "k8s.io/api/core/v1"
 	discovery "k8s.io/api/discovery/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -1203,10 +1202,14 @@ func TestToZoneNetworkEndpointMapDegradedMode(t *testing.T) {
 
 	nodeLister := testContext.NodeInformer.GetIndexer()
 	for i := 1; i <= 4; i++ {
-		nodeLister.Add(&corev1.Node{
+		nodeLister.Add(&v1.Node{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: fmt.Sprintf("instance%v", i),
 			},
+			Spec: v1.NodeSpec{
+				PodCIDR:  fmt.Sprintf("10.100.%v.0/24", i),
+				PodCIDRs: []string{fmt.Sprintf("200%v:db8::/48", i), fmt.Sprintf("10.100.%v.0/24", i)},
+			},
 		})
 	}
 
@@ -1351,10 +1354,14 @@ func TestValidateAndAddEndpoints(t *testing.T) {
 	})
 
 	nodeLister := testContext.NodeInformer.GetIndexer()
-	nodeLister.Add(&corev1.Node{
+	nodeLister.Add(&v1.Node{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: instance1,
 		},
+		Spec: v1.NodeSpec{
+			PodCIDR:  "10.100.1.0/24",
+			PodCIDRs: []string{"2001:db8::/48", "10.100.1.0/24"},
+		},
 	})
 
 	testCases := []struct {
@@ -1369,7 +1376,7 @@ func TestValidateAndAddEndpoints(t *testing.T) {
 			ep: negtypes.AddressData{
 				Addresses: []string{"10.100.1.1"},
 				NodeName:  &instance1,
-				TargetRef: &corev1.ObjectReference{
+				TargetRef: &v1.ObjectReference{
 					Namespace: testNamespace,
 					Name:      "pod1",
 				},
@@ -1384,7 +1391,7 @@ func TestValidateAndAddEndpoints(t *testing.T) {
 			ep: negtypes.AddressData{
 				Addresses: []string{"10.100.1.1"},
 				NodeName:  nil,
-				TargetRef: &corev1.ObjectReference{
+				TargetRef: &v1.ObjectReference{
 					Namespace: testNamespace,
 					Name:      "pod1",
 				},
@@ -1399,7 +1406,7 @@ func TestValidateAndAddEndpoints(t *testing.T) {
 			ep: negtypes.AddressData{
 				Addresses: []string{"10.100.1.1"},
 				NodeName:  &emptyNodeName,
-				TargetRef: &corev1.ObjectReference{
+				TargetRef: &v1.ObjectReference{
 					Namespace: testNamespace,
 					Name:      "pod1",
 				},
@@ -1409,10 +1416,25 @@ func TestValidateAndAddEndpoints(t *testing.T) {
 			expectedEndpointMap: endpointMap,
 			expectedPodMap:      podMap,
 		},
+		{
+			desc: "endpoint with IP address doesn't correspond to any podIP(s)",
+			ep: negtypes.AddressData{
+				Addresses: []string{"10.100.1.2"},
+				NodeName:  &instance1,
+				TargetRef: &v1.ObjectReference{
+					Namespace: testNamespace,
+					Name:      "pod1",
+				},
+				Ready: ready,
+			},
+			endpointType:        negtypes.VmIpPortEndpointType,
+			expectedEndpointMap: map[string]negtypes.NetworkEndpointSet{},
+			expectedPodMap:      negtypes.EndpointPodMap{},
+		},
 		{
 			desc: "Non-GCP network endpoint",
 			ep: negtypes.AddressData{
-				TargetRef: &corev1.ObjectReference{
+				TargetRef: &v1.ObjectReference{
 					Namespace: testNamespace,
 					Name:      "pod1",
 				},
@@ -1453,10 +1475,16 @@ func TestValidatePod(t *testing.T) {
 	testNodeNonExistent := "node-non-existent"
 	testContext := negtypes.NewTestContext()
 	nodeLister := testContext.NodeInformer.GetIndexer()
-	nodeLister.Add(&corev1.Node{
+	testPodIP := "10.100.1.1"
+
+	nodeLister.Add(&v1.Node{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: instance1,
 		},
+		Spec: v1.NodeSpec{
+			PodCIDR:  "10.100.1.0/24",
+			PodCIDRs: []string{"2001:db8::/48", "10.100.1.0/24"},
+		},
 	})
 	testCases := []struct {
 		desc   string
@@ -1472,8 +1500,9 @@ func TestValidatePod(t *testing.T) {
 				},
 				Status: v1.PodStatus{
 					Phase: v1.PodRunning,
+					PodIP: testPodIP,
 				},
-				Spec: corev1.PodSpec{
+				Spec: v1.PodSpec{
 					NodeName: instance1,
 				},
 			},
@@ -1488,8 +1517,9 @@ func TestValidatePod(t *testing.T) {
 				},
 				Status: v1.PodStatus{
 					Phase: v1.PodFailed,
+					PodIP: testPodIP,
 				},
-				Spec: corev1.PodSpec{
+				Spec: v1.PodSpec{
 					NodeName: instance1,
 				},
 			},
@@ -1504,29 +1534,48 @@ func TestValidatePod(t *testing.T) {
 				},
 				Status: v1.PodStatus{
 					Phase: v1.PodSucceeded,
+					PodIP: testPodIP,
 				},
-				Spec: corev1.PodSpec{
+				Spec: v1.PodSpec{
 					NodeName: instance1,
 				},
 			},
 			expect: false,
 		},
 		{
 			desc: "a pod from non-existent node",
-			pod: &corev1.Pod{
+			pod: &v1.Pod{
 				ObjectMeta: metav1.ObjectMeta{
 					Namespace: testNamespace,
 					Name:      "pod4",
 				},
-				Status: corev1.PodStatus{
-					Phase: corev1.PodRunning,
+				Status: v1.PodStatus{
+					Phase: v1.PodRunning,
+					PodIP: testPodIP,
 				},
-				Spec: corev1.PodSpec{
+				Spec: v1.PodSpec{
 					NodeName: testNodeNonExistent,
 				},
 			},
 			expect: false,
 		},
+		{
+			desc: "a pod with IP outside of the node's allocated pod range",
+			pod: &v1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Namespace: testNamespace,
+					Name:      "pod5",
+				},
+				Status: v1.PodStatus{
+					Phase: v1.PodRunning,
+					PodIP: "10.101.1.1",
+				},
+				Spec: v1.PodSpec{
+					NodeName: instance1,
+				},
+			},
+			expect: false,
+		},
 	}
 	for _, tc := range testCases {
 		t.Run(tc.desc, func(t *testing.T) {