Automated cherry pick of #1153: e2e/deps: enhance test scenarios with NLB #1161: e2e/loadbalancer: implement hairpin connection cases #1215: refact: e2e tests documenting hooks and enhance logging/steps #1217: e2e/debug: increase data collection on e2e failures #1214: doc/service: describe supported target group attributes#1317
Merged
k8s-ci-robot merged 9 commits intokubernetes:release-1.32from Jan 21, 2026
Conversation
This change enhance test scenarios by: - supporting more distributions which does not allow pods to bind on privileged ports (default behavior of libjig, see issue - refact tests to allow adding more cases - introduce tests to NLB, including advanced tests to validate the node selector annotation. AWS SDK is added to satisfy this validatoin.
Implementing the hairpin connection test cases, and exposing an issue on NLB with internal scheme which fails when the client is trying to access a service loadbalancer which is hosted in the same node. The hairpin connection is caused by the client IP preservation attribute is set to true (default), and the service does not provide an interface to prevent the issue. The e2e is expecting to pass to prevent permanent failures in CI, but it is tracked by an issue kubernetes#1160.
This change enhance the logging and ginkgo steps of the loadbalancer reachable e2e test cases. The Hooks, created to allow test case customization, is renamed and documented. Finally the configuration are encapsulated into a single structure to enhance parallel tests.
Document the new annotation for NLB to handle target group attributes, with examples and restrictions.
Implementing the hairpin connection test cases, and exposing an issue on NLB with internal scheme which fails when the client is trying to access a service loadbalancer which is hosted in the same node. The hairpin connection is caused by the client IP preservation attribute is set to true (default), and the service does not provide an interface to prevent the issue. The e2e is expecting to pass to prevent permanent failures in CI, but it is tracked by an issue kubernetes#1160.
Introduce pre-flight validations adding pre-flight checks for EnsureLoadBalancer with tasks to validate Service object constraints prior making calls to the provider. This aims to prevent changes to the resources when invalid configuration is provided. Currently only NLB target group attributes validations is added as part of this change. feat/tg-attr: support target group attrib annotation on NLB
Introduce the target group annotation[1] for all listeners on a Service type-loadBalancer NLB. [1] Annotation service.beta.kubernetes.io/aws-load-balancer-target-group-attributes The annotation provides a interface for users to opt into non-default configurations of a target group when creating or updating a Service. This change also provides a fix for a critical hairpin bug impacting NLB default configuration (using target type instance), which disables the 'preserve source ip configuration' attribute, leading to timeouts in such scenario.
k8s-ci-robot
added
the
do-not-merge/release-note-label-needed
k8s-ci-robot
added
needs-kind
k8s-ci-robot
added
the
lgtm
Contributor
|
/triage accepted |
k8s-ci-robot
added
triage/accepted
Member
Author
|
/approve |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: elmiko, kmala, yue9944882 The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry pick of #1153 #1161 #1215 #1217 #1214 on release-1.32.
#1153: e2e/deps: enhance test scenarios with NLB
#1161: e2e/loadbalancer: implement hairpin connection cases
#1215: refact: e2e tests documenting hooks and enhance logging/steps
#1217: e2e/debug: increase data collection on e2e failures
#1214: doc/service: describe supported target group attributes
For details on the cherry pick process, see the cherry pick requests page.