search

oracle / oci-cloud-controller-manager

Kubernetes Cloud Controller Manager implementation for Oracle Cloud Infrastructure
Apache License 2.0
131 stars 81 forks source link

Leaking security lists ingress #246

Open MadalinaPatrichi opened 5 years ago

MadalinaPatrichi commented 5 years ago

The CCM is leaking ingress rules in the node security list(s)

prydie commented 5 years ago

Might be relavent: 

• Failure [148.376 seconds]
Service [Slow]
/go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:36
  should be possible to create and mutate a Service type:LoadBalancer [Canary] [It]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:39

  Oct 29 13:52:37.679: Failed: ValidSinglePortEgressRulesAfterPortChangeOrDie : (expectedRuleCount: 0, oldPort: 32673, newPort: 32674)

  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/framework/seclist_util.go:87
------------------------------
End to end TLS 
  should be possible to create and mutate a Service type:LoadBalancer [Canary]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:307
[BeforeEach] End to end TLS
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/framework/framework.go:136
STEP: Creating OCI client
STEP: Creating a kubernetes client
STEP: Building a namespace api object
[It] should be possible to create and mutate a Service type:LoadBalancer [Canary]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:307
STEP: creating a pod to be part of the TCP service e2e-tls-lb-test
Oct 29 13:52:43.750: INFO: Waiting up to 2m0s for 1 pods to be created
Oct 29 13:52:43.754: INFO: Found 0/1 pods - will retry
Oct 29 13:52:45.759: INFO: Found all 1 pods
Oct 29 13:52:45.759: INFO: Waiting up to 2m0s for 1 pods to be running and ready: [e2e-tls-lb-test-c4sg8]
Oct 29 13:52:45.759: INFO: Waiting up to 2m0s for pod "e2e-tls-lb-test-c4sg8" in namespace "ccm-e2e-tests-service-sxbk6" to be "running and ready"
Oct 29 13:52:45.763: INFO: Pod "e2e-tls-lb-test-c4sg8": Phase="Running", Reason="", readiness=false. Elapsed: 4.186775ms
Oct 29 13:52:47.790: INFO: Pod "e2e-tls-lb-test-c4sg8": Phase="Running", Reason="", readiness=true. Elapsed: 2.03076823s
Oct 29 13:52:47.790: INFO: Pod "e2e-tls-lb-test-c4sg8" satisfied condition "running and ready"
Oct 29 13:52:47.790: INFO: Wanted all 1 pods to be running and ready. Result: true. Pods: [e2e-tls-lb-test-c4sg8]
STEP: waiting for the TCP service to have a load balancer
Oct 29 13:52:47.790: INFO: Waiting up to 20m0s for service "e2e-tls-lb-test" to have a LoadBalancer
Oct 29 13:53:45.804: INFO: TCP node port: 30549
Oct 29 13:53:45.804: INFO: TCP load balancer: 129.213.171.27
STEP: changing TCP service back to type=ClusterIP
Oct 29 13:53:45.838: INFO: Waiting up to 20m0s for service "e2e-tls-lb-test" to have no LoadBalancer
[AfterEach] End to end TLS
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/framework/framework.go:137
STEP: Destroying namespace "ccm-e2e-tests-service-sxbk6" for this suite.
Oct 29 13:54:51.868: INFO: namespace ccm-e2e-tests-service-sxbk6 deletion completed in 6.013892288s

Source: https://app.wercker.com/Oracle/oci-cloud-controller-manager/runs/ccm-e2e-test/5bd70f14d58a150007f7c35a?step=5bd70f2cacc45100060adc49

prydie commented 5 years ago 
Service [Slow] 
  should be possible to create and mutate a Service type:LoadBalancer [Canary]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:39
[BeforeEach] Service [Slow]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/framework/framework.go:137
STEP: Creating OCI client
STEP: Creating a kubernetes client
STEP: Building a namespace api object
[It] should be possible to create and mutate a Service type:LoadBalancer [Canary]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:39
STEP: creating a pod to be part of the TCP service basic-lb-test
Nov 13 15:26:15.451: INFO: Waiting up to 2m0s for 1 pods to be created
Nov 13 15:26:15.535: INFO: Found 0/1 pods - will retry
Nov 13 15:26:17.540: INFO: Found all 1 pods
Nov 13 15:26:17.540: INFO: Waiting up to 2m0s for 1 pods to be running and ready: [basic-lb-test-49qpb]
Nov 13 15:26:17.540: INFO: Waiting up to 2m0s for pod "basic-lb-test-49qpb" in namespace "ccm-e2e-tests-service-r8tfs" to be "running and ready"
Nov 13 15:26:17.545: INFO: Pod "basic-lb-test-49qpb": Phase="Running", Reason="", readiness=false. Elapsed: 4.408494ms
Nov 13 15:26:19.549: INFO: Pod "basic-lb-test-49qpb": Phase="Running", Reason="", readiness=true. Elapsed: 2.0087719s
Nov 13 15:26:19.549: INFO: Pod "basic-lb-test-49qpb" satisfied condition "running and ready"
Nov 13 15:26:19.549: INFO: Wanted all 1 pods to be running and ready. Result: true. Pods: [basic-lb-test-49qpb]
STEP: waiting for the TCP service to have a load balancer
Nov 13 15:26:19.549: INFO: Waiting up to 20m0s for service "basic-lb-test" to have a LoadBalancer
Nov 13 15:26:37.557: INFO: TCP node port: 32093
Nov 13 15:26:37.557: INFO: TCP load balancer: 129.213.168.5
STEP: hitting the TCP service's NodePort
Nov 13 15:26:37.557: INFO: Testing HTTP reachability of http://129.213.130.83:32093/echo?msg=hello
STEP: hitting the TCP service's LoadBalancer
Nov 13 15:26:37.563: INFO: Testing HTTP reachability of http://129.213.168.5:80/echo?msg=hello
STEP: changing the TCP service's NodePort
Nov 13 15:26:54.979: INFO: Failed: ValidSinglePortEgressRulesAfterPortChangeOrDie : (expectedRuleCount: 3, oldPort: 32093, newPort: 32094)
[AfterEach] Service [Slow]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/framework/framework.go:138
STEP: Destroying namespace "ccm-e2e-tests-service-r8tfs" for this suite.
Nov 13 15:27:00.993: INFO: namespace ccm-e2e-tests-service-r8tfs deletion completed in 6.012824024s

• Failure [45.769 seconds]
Service [Slow]
/go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:36
  should be possible to create and mutate a Service type:LoadBalancer [Canary] [It]
  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/load_balancer.go:39

  Nov 13 15:26:54.979: Failed: ValidSinglePortEgressRulesAfterPortChangeOrDie : (expectedRuleCount: 3, oldPort: 32093, newPort: 32094)

  /go/src/github.com/oracle/oci-cloud-controller-manager/test/e2e/cloud-controller-manager/framework/seclist_util.go:87

Source: https://app.wercker.com/Oracle/oci-cloud-controller-manager/runs/ccm-e2e-test/5beaec79183106002852927b?step=5beaec9387436a0006f31fcf