create rc v with selectors v
create service v with selectors v
verify pod for rc
wait for endpoints of service with dns name
scale down replication controller to zero
update service to not tolerate unready service
check if pod be unreachable
update service to tolerate unready service again
check if terminate pod be available through service
remove pod immediately

We'll want to build a service that probes to pods on hostNetwork configurations

bug: currently we treat below as connected, which is wrong, as this means the service IP is not created yet.
kubectl exec pod-4 -c cont-80-tcp -n x-3992 -- /agnhost connect :80 --timeout=5s --protocol=udp

• include logs to know which node each pod got scheduled
• refine matrix to know which node each pod is running on
• colorize the std outputs
• tbd

create a tcp service servicename with typeclusterip in namespace
create a clientserver pod
wait for the service to expose an endpoint
check if the pod can reach itself

We could move tests like

   CREATE service w/ spn label
   VERIFY svc1 it doesnt work
   CREATE service w/o spn label
   VERIFY svc2  it works
   UPDATE the 2n service w spn label
   VERIFY both services dont work

• implement Go TestExample as well to make more readable

restart apiserver
wait for apiserver to come up by poll healthz
create service servicename with typenodeport in namespace

create a tcp service servicename with typeclusterip in namespace
change the tcp service to typenodeport
update nodeport service to listen tcp and udp base request over same port
create a service servicename with the typeexternalname in namespace
change the externalname service to typeclusterip
create a service servicename with the typeexternalname in namespace
change the externalname service to typenodeport
create a service servicename with the typeclusterip in namespace
create active service to test reachability when its fqdn be refer as externalname for another service
change the clusterip service to typeexternalname
create a service servicename with the typenodeport in namespace
create active service to test reachability when its fqdn be refer as externalname for another service
change the nodeport service to typeexternalname

xref kubernetes/kubernetes#106030 (comment)

i think theres some ready logic that we may not be covering here, we should make sure we take that bug recently found into account

Test on AntreaProxy

create a service with no endpoints
create new pod on node1
hit the service from new pod on node 1
make sure call is failing

validate if the TCP connections close after a certain time.
what is CLOSE_WAIT: https://blog.cloudflare.com/this-is-strictly-a-violation-of-the-tcp-specification/

refer test: k/k test/e2e/network/kube_proxy.go ginkgo.It "should set TCP CLOSE_WAIT timeout [Privileged]".

We want to make sure were able to run tests in windows, as well as linux.
cc @weiwenli97

Session affinity test needs at least three pods to test the requests affinity sent from one pod to a service managing 2 pods.

Solution:
Create new pods, instead of using existing pods.

Create a Pod with DNSPolicy as None and custom DNS configuration, specifying nameservers and search path entries. Pod creation MUST be successful and provided DNS configuration MUST be configured in the Pod.

create svc1 in namespace
create svc2 in namespace
verify service svc1 be up
verify service svc2 be up
stop service
verify service svc1 be not up
verify service svc2 be still up
create service svc3 in namespace
verify service svc2 be still up
verify service svc3 be up

To avoid breaking other tests while we refactor the test-suite when adding new tests we should have unit-tests for core modules

create serviceheadless in namespace
create service in namespace
verify service be up
verify serviceheadless be not up
add servicekubernetesioheadless label
verify service be not up
remove servicekubernetesioheadless annotation
verify service be up
verify serviceheadless be still not up

create service servicename with type nodeport in namespace
change service servicename to outofrange nodeport d
delete original service
create service servicename with outofrange nodeport d

Regression test for k/k #74839

Packets considered INVALID by conntrack should be dropped.

1. create a server pod based on image, which will inject invalid packet to clients when the connection established
2. create a service for the pod, for client connecton
3. create a client nc the server pod continuously
4. check client pod does not RST the TCP connection because it receives an INVALID packet

Setup metallb on a few yaml, and make it optional.

Add LoadBalancer tests

get the state of the sctp module on nod
create service servicename in namespace
validate endpoints do not exist yet
create a pod for the service
validate endpoints exist
delete the pod
validate endpoints do not exist anymore
validate sctp module be still not load

1. Create two new namespaces
2. In each namespace, create rc,svc,pod abased on cluster-dns examples https://github.com/kubernetes/examples/tree/master/staging/cluster-dns
3. Validate if the application is initialized, in each namespace, wait and validate pods and services are responding
4. Verify the namespace-1's dns name is resolvable, try and retry socket connect from one of the pod we created in the same namespace
5. update front-end deployment yaml, with the newly created namespace-1 backend cluster dns
6. create front-end in both two namespace
7. verify if from front-end pods in both namespace, can reach to endpoints via the namespace-1 cluster dns

Fix kpng jobs on CI
Add golang-ci on CI

Following the readme to run tests on local environment, encountered issue that pods can ping each other, but agnhost connect cmd does not work:

TIMEOUT```

This issue only occurs on MacOS, did not encounter on Linux environment.

check that kubeproxy be in iptables mode
get the state of the sctp module on nod
create service servicename in namespace
validate sctp module be still not load

Make a sonobuoy plugin that bundles the service-lb-validator so that we can validate it for vmware-tanzu

We should reproduce
kubernetes/kubernetes#103000

• clean up the logs
• combine the matrix for udp and tcp testing for same service.

create a tcp service servicename with typeclusterip in namespace
pick 2 nod to test whether source ip be preserve or not
create a webserver pod to be part of the tcp service which echo back source ip
create pause pod deployment
verify the preserve source ip

get the state of the sctp module on the select node
create a pod with hostport on the select node
launch the pod on node v
validate sctp module be still not load

Lets build an ExternalTrafficPolicy=local loadbalancer service .

• make this test fail if cluster < 2 nodes
• will require some refactor to target pods to specific nodes
• might be tricky !

@knabben thinks this ieasy

1. set up iperf2 server -- a single pod on any node
2. set up iperf2 client daemonset
3. wait for server running
4. wait for all clients running
5. iterate through the client pods one by one, running iperf2 in client mode to transfer data to the server and back and measure bandwidth
6. after collecting all the client<->server data, compile and present the results

note:
/* iperf2 command parameters:
* -e: use enhanced reporting giving more tcp/udp and traffic information
* -p %d: server port to connect to
* --reportstyle C: report as Comma-Separated Values
* -i 1: seconds between periodic bandwidth reports
* -c %s: run in client mode, connecting to
*/

Having a better summary of the failures can give the operator a more informative overview of final result, currently we only rely on exit status code.

Example:

Ran 10 of 7026 Specs in 2928.397 seconds
FAIL! -- 1 Passed | 9 Failed | 0 Pending | 7016 Skipped
--- FAIL: TestE2E (2930.61s)
FAIL

create servicedisabled in namespace
create service in namespace
verify service be up
verify servicedisabled be not up
add serviceproxyname label
verify service be not up
remove serviceproxyname annotation
verify service be up
verify servicedisabled be still not up

Add new externalname type tests

Currently we are testing lb in the same cluster, so does the upstream k8s networking e2e tests.

Improve to test the cluster to cluster connectivity via load balancer.

All pods are listening only on TCP testing we MUST support UDP, given preference to the first.

Check the kube proxy url, as /healthz url is deprecated, since k8s v1.16, should use url /livez or /readyz(refer The healthz endpoint is deprecated (since Kubernetes v1.16), and you should use the more specific livez and readyz endpoints instead)

Solution:

• Create hostnetwork pod, curl localhost:[proxy bind port]/livez, to check kube-proxy url.
• Verify the response. expect contains "200 OK"
• Create hostnetwork pod, curl localhost:[proxy bind port]/proxyMode, to check kube-proxy url.
• Verify the response. expect contains "200"

We should add an option to run the tests in a way that they run all probes from a daemonset, and flag that test as slow, since otherwise it might take a long time i.e. on a 1000 node cluster :).

A lof of k8s helpers are spread and can be reused with k8devel

We run different sets of tests with ./svc-test, with the pretty format test result below, it's hard to tell what's the tests' purpose from the result message, ex. testing connections for clusterIPort nodePort or loadbalancer.

Amplify the result message for each test, and add a summary message for the results of all tests.

reachability: correct:16, incorrect:0, result=true

52 <nil>
expected:

-		x-55117/pod-1	x-55117/pod-2	x-55117/pod-3	x-55117/pod-4
x-55117/pod-1	.		.		.		.
x-55117/pod-2	.		.		.		.
x-55117/pod-3	.		.		.		.
x-55117/pod-4	.		.		.		.


176 <nil>
observed:

-		x-55117/pod-1	x-55117/pod-2	x-55117/pod-3	x-55117/pod-4
x-55117/pod-1	.		.		.		.
x-55117/pod-2	.		.		.		.
x-55117/pod-3	.		.		.		.
x-55117/pod-4	.		.		.		.


176 <nil>
comparison:

-		x-55117/pod-1	x-55117/pod-2	x-55117/pod-3	x-55117/pod-4
x-55117/pod-1	.		.		.		.
x-55117/pod-2	.		.		.		.
x-55117/pod-3	.		.		.		.
x-55117/pod-4	.		.		.		.


178 <nil>
{"level":"info","ts":1636589916.03517,"caller":"matrix/helper.go:60","msg":"VALIDATION SUCCESSFUL"}
PASS

Adding a --keep-ns-on-fail so we avoid to clean up if tests have failed.

create service servicename with typeclusterip in namespace

https://github.com/kubernetes-sigs/e2e-framework/blob/63fa8b05c52cc136a3e529b9f9f812b061cea165/docs/design/klient-package.md

create service servicename1 with type nodeport in namespace
create service servicename2 with conflict nodeport
delete service servicename1 to release nodeport
create service servicename2 with nolongerconflicting nodeport

create service servicename with type nodeport in namespace
delete original service
create service servicename with same nodeport d

1. We want to make sure that our pods are spread to DIFFERENT nodes
2. Maybe it would be nice if the table explicitly printed out the node names as well ?