kuma
68 строк · 2.4 Кб
1package connectivity
2
3import (
4. "github.com/onsi/ginkgo/v2"
5. "github.com/onsi/gomega"
6corev1 "k8s.io/api/core/v1"
7"k8s.io/apimachinery/pkg/api/resource"
8
9"github.com/kumahq/kuma/pkg/plugins/runtime/k8s/metadata"
10"github.com/kumahq/kuma/pkg/util/pointer"
11. "github.com/kumahq/kuma/test/framework"
12"github.com/kumahq/kuma/test/framework/deployments/testserver"
13"github.com/kumahq/kuma/test/framework/envs/kubernetes"
14)
15
16func ExcludeOutboundPort() {
17meshName := "exclude-outbound-port"
18namespace := "exclude-outbound-port"
19namespaceExternal := "exclude-outbound-port-external"
20
21BeforeAll(func() {
22err := NewClusterSetup().
23Install(MTLSMeshKubernetes(meshName)).
24Install(MeshTrafficPermissionAllowAllKubernetes(meshName)).
25Install(NamespaceWithSidecarInjection(namespace)).
26Install(Namespace(namespaceExternal)).
27Install(testserver.Install(
28testserver.WithName("test-server"),
29testserver.WithNamespace(namespaceExternal),
30)).
31Setup(kubernetes.Cluster)
32Expect(err).ToNot(HaveOccurred())
33})
34
35E2EAfterAll(func() {
36Expect(kubernetes.Cluster.TriggerDeleteNamespace(namespace)).To(Succeed())
37Expect(kubernetes.Cluster.TriggerDeleteNamespace(namespaceExternal)).To(Succeed())
38Expect(kubernetes.Cluster.DeleteMesh(meshName)).To(Succeed())
39})
40
41It("should be able to use network from init container if we ignore ports for uid", func() {
42Expect(kubernetes.Cluster.Install(testserver.Install(
43testserver.WithName("test-server"),
44testserver.WithNamespace(namespace),
45testserver.WithPodAnnotations(map[string]string{
46metadata.KumaInitFirst: "true",
47metadata.KumaTrafficExcludeOutboundTCPPortsForUIDs: "80:1234",
48metadata.KumaTrafficExcludeOutboundUDPPortsForUIDs: "53:1234",
49}),
50testserver.AddInitContainer(corev1.Container{
51Name: "init-test-server",
52Image: Config.GetUniversalImage(),
53ImagePullPolicy: "IfNotPresent",
54Command: []string{"curl"},
55Args: []string{"-v", "-m", "3", "--fail", "test-server.exclude-outbound-port-external.svc.cluster.local:80"},
56Resources: corev1.ResourceRequirements{
57Limits: corev1.ResourceList{
58"cpu": resource.MustParse("50m"),
59"memory": resource.MustParse("64Mi"),
60},
61},
62SecurityContext: &corev1.SecurityContext{
63RunAsUser: pointer.To(int64(1234)),
64},
65},
66)))).To(Succeed())
67})
68}
69