Skip to content

Commit

Permalink
connectivity: test accessing NodePort from outside with L7 policy
Browse files Browse the repository at this point in the history
This test case covers cilium/cilium#21954.

A new policy `echo-ingress-l7-policy-from-anywhere` is added to allow
HTTP GET / on echo pods from outside.

Use `cilium connectivity test --test north-south-loadbalancing --datapath`
to run this test.

Signed-off-by: Zhichuan Liang <[email protected]>
  • Loading branch information
jschwinger233 committed Apr 27, 2023
1 parent cbbecbb commit 4ac1a48
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 0 deletions.
19 changes: 19 additions & 0 deletions connectivity/manifests/echo-ingress-l7-http-from-anywhere.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
name: "echo-ingress-l7-http-from-anywhere"
spec:
description: "Allow all to GET / on echo"
endpointSelector:
matchLabels:
kind: echo
ingress:
- toPorts:
- ports:
- port: "8080"
protocol: TCP
rules:
http:
- method: "GET"
path: "/$"
9 changes: 9 additions & 0 deletions connectivity/suite.go
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,9 @@ var (
//go:embed manifests/echo-ingress-l7-http.yaml
echoIngressL7HTTPPolicyYAML string

//go:embed manifests/echo-ingress-l7-http-from-anywhere.yaml
echoIngressL7HTTPFromAnywherePolicyYAML string

//go:embed manifests/echo-ingress-l7-http-named-port.yaml
echoIngressL7HTTPNamedPortPolicyYAML string

Expand Down Expand Up @@ -192,6 +195,12 @@ func Run(ctx context.Context, ct *check.ConnectivityTest) error {
WithScenarios(
tests.OutsideToNodePort(),
)
ct.NewTest("north-south-loadbalancing-with-l7-policy").
WithFeatureRequirements(check.RequireFeatureEnabled(check.FeatureNodeWithoutCilium)).
WithCiliumPolicy(echoIngressL7HTTPFromAnywherePolicyYAML).
WithScenarios(
tests.OutsideToNodePort(),
)
ct.NewTest("pod-to-pod-encryption").
WithFeatureRequirements(check.RequireFeatureEnabled(check.FeatureEncryptionPod)).
WithScenarios(
Expand Down

0 comments on commit 4ac1a48

Please sign in to comment.