Documentation ¶
Index ¶
- Constants
- Variables
- func BGPAdvertisements(bgpAPIVersion uint8) check.Scenario
- func CiliumHealth() check.Scenario
- func ClientToClient() check.Scenario
- func ClusterMeshEndpointSliceSync() check.Scenario
- func Dummy(name string) check.Scenario
- func EgressGateway() check.Scenario
- func EgressGatewayExcludedCIDRs() check.Scenario
- func FromCIDRToPod() check.Scenario
- func HostToPod() check.Scenario
- func LRP(skipRedirectFromBackend bool) check.Scenario
- func LRPWithNodeDNS() check.Scenario
- func NoErrorsInLogs(ciliumVersion semver.Version, checkLevels []string) check.Scenario
- func NoIPsecXfrmErrors(expectedErrors []string) check.Scenario
- func NoInterruptedConnections() check.Scenario
- func NoUnexpectedPacketDrops(expectedDrops []string) check.Scenario
- func NodeToNodeEncryption(reqs ...features.Requirement) check.Scenario
- func OutsideToIngressService() check.Scenario
- func OutsideToNodePort() check.Scenario
- func PodToCIDR(opts ...RetryOption) check.Scenario
- func PodToControlPlaneHost() check.Scenario
- func PodToExternalWorkload() check.Scenario
- func PodToHost() check.Scenario
- func PodToHostPort() check.Scenario
- func PodToIngress(opts ...Option) check.Scenario
- func PodToK8sLocal() check.Scenario
- func PodToLocalNodePort() check.Scenario
- func PodToPod(opts ...Option) check.Scenario
- func PodToPodEncryption(reqs ...features.Requirement) check.Scenario
- func PodToPodMissingIPCache(opts ...Option) check.Scenario
- func PodToPodNoFrag() check.Scenario
- func PodToPodWithEndpoints(opts ...Option) check.Scenario
- func PodToRemoteNodePort() check.Scenario
- func PodToService(opts ...Option) check.Scenario
- func PodToWorld(opts ...RetryOption) check.Scenario
- func PodToWorld2() check.Scenario
- func PodToWorldWithTLSIntercept(curlOpts ...string) check.Scenario
- func SocatMulticast() check.Scenario
- func WaitForEgressGatewayBpfPolicyEntries(ctx context.Context, t *check.Test, ...)
- func WaitForLocalRedirectBPFEntries(ctx context.Context, t *check.Test, frontend string, ...)
- type Option
- type RetryOption
Constants ¶
const (
	RunInitFailed  = "JoinEP: "                                   // from https://github.com/cilium/cilium/pull/5052
	RemovingMapMsg = "Removing map to allow for property upgrade" // from https://github.com/cilium/cilium/pull/10626
)
const (
	HdrSizeICMPEcho = 8
	HdrSizeIPv4     = 20
	HdrSizeIPv6     = 40
)
Variables ¶
var NodeWithoutGroup []string
Holds the data needed to restore group and subscriber status after testing.
var NodeWithoutGroupMu lock.RWMutex
var NotSubscribePodAddress map[string][]v2.NodeAddress
var NotSubscribePodAddressMu lock.RWMutex
Functions ¶
func BGPAdvertisements ¶
func CiliumHealth ¶
func ClientToClient ¶
ClientToClient sends an ICMP packet from each client Pod to each client Pod in the test context.
func EgressGateway ¶
EgressGateway is a test case which, given the cegp-sample-client CiliumEgressGatewayPolicy targeting:
- a couple of client pods (kind=client) as source
- the 0.0.0.0/0 destination CIDR
- kind-worker2 as gateway node
and the cegp-sample-echo CiliumEgressGatewayPolicy targeting:
- the echo service pods (kind=echo) as source
- the 0.0.0.0/0 destination CIDR
- kind-worker2 as gateway node
tests connectivity for:
- pod to host traffic
- pod to service traffic
- pod to external IP traffic
- reply traffic for services
- reply traffic for pods
func EgressGatewayExcludedCIDRs ¶
EgressGatewayExcludedCIDRs is a test case which, given the cegp-sample CiliumEgressGatewayPolicy targeting:
- a couple of client pods (kind=client) as source
- the 0.0.0.0/0 destination CIDR
- the IP of the external node as excluded CIDR
- kind-worker2 as gateway node
This suite tests the excludedCIDRs property and ensures that traffic matching an excluded CIDR does not get masqueraded with the egress IP.
func FromCIDRToPod ¶
FromCIDRToPod generates an HTTP request from each node without Cilium to the echo pods within the Cilium / K8s cluster.
func HostToPod ¶
HostToPod generates one HTTP request from each node inside the cluster to each echo (server) pod in the test context.
func LRP ¶
LRP runs test scenarios for local redirect policy. It tests local redirection connectivity from test source pods to LRP frontend.
It tests connectivity with the configured skipRedirectFromBackend flag for:
- client pods to LRP frontend
- LRP backend pods to LRP frontend
func LRPWithNodeDNS ¶
LRPWithNodeDNS runs test scenarios for local redirect policy with the node local DNS setup.
It sends HTTP requests to the externalEcho service to check the DNS requests are resolved by node-local DNS cache pods. The network policy allows the clients to access node-local-dns and the externalEcho service.
func NoErrorsInLogs ¶
NoErrorsInLogs checks whether there are no error messages in cilium-agent logs. The error messages are defined in badLogMsgsWithExceptions, whose keys are error messages and whose values are lists of ignored messages.
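The lookup described above, a map from error message to the messages ignored for it, as an added Go sketch; this is not cilium-cli's own code. The two message strings come from this package's constants; the map contents, the exception string, the log lines and the helper name findBadLogLines are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Message strings copied from this package's Constants section.
const (
	RunInitFailed  = "JoinEP: "
	RemovingMapMsg = "Removing map to allow for property upgrade"
)

// badMsgs is a constructed stand-in for badLogMsgsWithExceptions: key = bad
// message, value = ignored messages. The exception string is an assumption.
var badMsgs = map[string][]string{
	RunInitFailed:  {"signal: terminated"},
	RemovingMapMsg: nil,
}

// Constructed sample agent log lines.
const sampleLogs = `level=info msg="Endpoint regenerated" endpointID=12
level=error msg="JoinEP: signal: terminated" endpointID=12
level=error msg="JoinEP: exit status 1" endpointID=34
level=warning msg="Removing map to allow for property upgrade"`

// findBadLogLines (hypothetical) returns lines with a bad message and no ignored one.
func findBadLogLines(logs string, bad map[string][]string) []string {
	var hits []string
	for i, line := range strings.Split(logs, "\n") {
		for msg, exceptions := range bad {
			if !strings.Contains(line, msg) {
				continue
			}
			excused := false
			for _, ex := range exceptions {
				excused = excused || strings.Contains(line, ex)
			}
			if !excused {
				hits = append(hits, fmt.Sprintf("line %d: %s", i+1, line))
				break // report each line once
			}
		}
	}
	return hits
}

func main() {
	fmt.Println(strings.Join(findBadLogLines(sampleLogs, badMsgs), "\n"))
}
```

A key with a nil exception list flags every line that contains it, while the second sample line is excused by its listed exception.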
func NoIPsecXfrmErrors ¶
func NoInterruptedConnections ¶
NoInterruptedConnections checks whether there are no interruptions in long-lived E/W LB connections. The test case is used to validate Cilium upgrades.
The test case consists of three steps:
1. Deploying pods and a service which establish the long-lived connections (done by "--conn-disrupt-test-setup"). The client pods ("test-conn-disrupt-client") establish connections via ClusterIP ("test-conn-disrupt") to server pods ("test-conn-disrupt-server"). As the former pods come first before the latter, the former pods can crash, which increases the pod restart counter. The step is responsible for storing the restart counter too.
2. Do Cilium upgrade.
3. Run the test ("--include-conn-disrupt-test"). The test checks the restart counters, and compares them against the previously stored ones. A mismatch indicates that a connection was interrupted.
func NoUnexpectedPacketDrops ¶
NoUnexpectedPacketDrops checks whether there were no drops due to expected packet drops.
func NodeToNodeEncryption ¶
func NodeToNodeEncryption(reqs ...features.Requirement) check.Scenario
func OutsideToIngressService ¶
OutsideToIngressService sends an HTTP request from client pod running on a node w/o Cilium to NodePort services.
func OutsideToNodePort ¶
OutsideToNodePort sends an HTTP request from client pod running on a node w/o Cilium to NodePort services.
func PodToCIDR ¶
func PodToCIDR(opts ...RetryOption) check.Scenario
PodToCIDR sends an HTTPS request from each client Pod to ExternalIP and ExternalOtherIP
func PodToControlPlaneHost ¶
PodToControlPlaneHost sends an ICMP ping from the controlPlaneclient Pod to all nodes in the test context.
func PodToExternalWorkload ¶
func PodToHost ¶
PodToHost sends an ICMP ping from all client Pods to all nodes in the test context.
func PodToHostPort ¶
PodToHostPort sends an HTTP request from all client Pods to all echo Services' HostPorts.
func PodToIngress ¶
PodToIngress sends an HTTP request from all client Pods to all Ingress services in the test context.
func PodToK8sLocal ¶
PodToK8sLocal sends a curl from all control plane client Pods to all control-plane nodes.
func PodToLocalNodePort ¶
PodToLocalNodePort sends an HTTP request from all client Pods to all echo Services' NodePorts, but only on the same node as the client Pods.
func PodToPod ¶
PodToPod generates one HTTP request from each client pod to each echo (server) pod in the test context. The remote Pod is contacted directly, no DNS is involved.
func PodToPodEncryption ¶
func PodToPodEncryption(reqs ...features.Requirement) check.Scenario
PodToPodEncryption is a test case which checks the following:
- There is a connectivity between pods on different nodes when any encryption mode is on (either WireGuard or IPsec).
- No unencrypted packet is leaked. As a sanity check, we additionally run the same test also when encryption is disabled, asserting that we effectively observe unencrypted packets.
The checks are implemented by curl'ing a server pod from a client pod, and then inspecting tcpdump captures from the client pod's node.
func PodToPodMissingIPCache ¶
func PodToPodNoFrag ¶
PodToPodNoFrag is a test to check whether a correct MTU is set for pods. The check is performed by sending an ICMP Echo request with DF set ("do not fragment"). The ICMP payload size of the request:
- For IPv4: $POD_MTU - 20 (IPv4 hdr) - 8 (ICMP Echo hdr)
- For IPv6: $POD_MTU - 40 (IPv6 hdr) - 8 (ICMP Echo hdr)
func PodToPodWithEndpoints ¶
func PodToRemoteNodePort ¶
PodToRemoteNodePort sends an HTTP request from all client Pods to all echo Services' NodePorts, but only to other nodes.
func PodToService ¶
PodToService sends an HTTP request from all client Pods to all Services in the test context.
func PodToWorld ¶
func PodToWorld(opts ...RetryOption) check.Scenario
PodToWorld sends multiple HTTP(S) requests to ExternalTarget from each client Pod.
func PodToWorld2 ¶
PodToWorld2 sends an HTTPS request to cilium.io from random client Pods.
func PodToWorldWithTLSIntercept ¶
PodToWorldWithTLSIntercept sends an HTTPS request to one.one.one.one (default value of ExternalTarget) from random client
func SocatMulticast ¶
func WaitForEgressGatewayBpfPolicyEntries ¶
func WaitForEgressGatewayBpfPolicyEntries(ctx context.Context, t *check.Test,
	targetEntriesCallback func(ciliumPod check.Pod) []bpfEgressGatewayPolicyEntry,
)
WaitForEgressGatewayBpfPolicyEntries waits for the egress gateway policy maps on each node to match the entries returned by the targetEntriesCallback.
Types ¶
type Option ¶
type Option func(*labelsOption)
func WithMethod ¶
func WithSourceLabelsOption ¶
type RetryOption ¶
type RetryOption func(*retryCondition)
func WithRetryAll ¶
func WithRetryAll() RetryOption
WithRetryAll sets all condition, returns retry options in every case
func WithRetryDestIP ¶
func WithRetryDestIP(ip string) RetryOption
WithRetryDestIP sets ip address condition
func WithRetryDestPort ¶
func WithRetryDestPort(port uint32) RetryOption
WithRetryDestPort sets port condition
func WithRetryPodLabel ¶
func WithRetryPodLabel(name, val string) RetryOption
WithRetryPodLabel sets pod label condition