svc.Spec.Ports = []v1.ServicePort{{Protocol: "TCP", Port: firewallTestHttpPort}} svc.Spec.LoadBalancerSourceRanges = firewallTestSourceRanges }) defer func() { jig.UpdateServiceOrFail(svc.Namespace, svc.Name, func(svc *v1.Service) { svc.Spec.Type = v1.ServiceTypeNodePort svc.Spec.LoadBalancerSourceRanges = nil }) Expect(cs.Core().Services(svc.Namespace).Delete(svc.Name, nil)).NotTo(HaveOccurred()) }() svcExternalIP := svc.Status.LoadBalancer.Ingress[0].IP By("Checking if service's firewall rules are correct") nodeTags := framework.GetInstanceTags(cloudConfig, nodesNames[0]) expFw := framework.ConstructFirewallForLBService(svc, nodeTags.Items) fw, err := gceCloud.GetFirewall(expFw.Name) Expect(err).NotTo(HaveOccurred()) Expect(framework.VerifyFirewallRule(fw, expFw, cloudConfig.Network, false)).NotTo(HaveOccurred()) By(fmt.Sprintf("Creating netexec pods on at most %v nodes", maxNodesForEndpointsTests)) for i, nodeName := range nodesNames { podName := fmt.Sprintf("netexec%v", i) jig.LaunchNetexecPodOnNode(f, nodeName, podName, firewallTestHttpPort, firewallTestUdpPort, true) defer func() { framework.Logf("Cleaning up the netexec pod: %v", podName) Expect(cs.Core().Pods(ns).Delete(podName, nil)).NotTo(HaveOccurred()) }() } // Send requests from outside of the cluster because internal traffic is whitelisted By("Accessing the external service ip from outside, all non-master nodes should be reached")