Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

connectivity: Fix iface derivation in encrypt tests #1304

Merged
merged 1 commit into from
Dec 20, 2022
Merged

connectivity: Fix iface derivation in encrypt tests #1304

merged 1 commit into from
Dec 20, 2022

Conversation

brb
Copy link
Member

@brb brb commented Dec 20, 2022

This commit fixes two issues:

  • grep's "-P" is not available on busybox.
  • In the direct routing mode, "ip r g $DST_POD_IP from $SRC_POD_IP" fails with "RTNETLINK answers: Network unreachable".

Fixes: 998ef8a ("connectivity: Add encryption test")
Signed-off-by: Martynas Pumputis [email protected]

@brb
connectivity: Fix iface derivation in encrypt tests
f12c196 
This commit fixes two issues:

* grep's "-P" is not available on busybox.
* In the direct routing mode, "ip r g $DST_POD_IP from $SRC_POD_IP"
  fails with "RTNETLINK answers: Network unreachable".

Fixes: 998ef8a ("connectivity: Add encryption test")
Signed-off-by: Martynas Pumputis <[email protected]>
@brb brb added kind/bug Something isn't working area/CI Continuous Integration testing issue or flake labels Dec 20, 2022
@brb brb requested a review from a team as a code owner December 20, 2022 10:33
@brb brb requested a review from joamaki December 20, 2022 10:33
@brb brb temporarily deployed to ci December 20, 2022 10:33 — with GitHub Actions Inactive
@brb brb requested a review from pchaigno December 20, 2022 10:40
pchaigno
pchaigno reviewed Dec 20, 2022
View reviewed changes
connectivity/tests/encryption.go
@@ -59,8 +59,8 @@ func (s *podToPodEncryption) Run(ctx context.Context, t *check.Test) {
iface = "cilium_" + tunnelFeat.Mode // E.g. cilium_vxlan
} else {
cmd := []string{"/bin/sh", "-c",
fmt.Sprintf("ip -o r g %s from %s | grep -oP '(?<=dev )[^ ]+'",
server.Pod.Status.PodIP, client.Pod.Status.PodIP)}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did the tests pass?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the direct routing mode, "ip r g $DST_POD_IP from $SRC_POD_IP"
fails with "RTNETLINK answers: Network unreachable".

Do you know why? The revert means it may break on EKS.

Copy link
Member Author

@brb brb Dec 20, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did the tests pass?

The direct routing was never tested. However, it's going to change in cilium/cilium#22803.

Do you know why? The revert means it may break on EKS.

My initial thought was that the rp_filter is to blame, but setting it to 0 didn't resolve the issue. I haven't spent much time digging into, as for now my priority is to get many different DP configurations tested "on prem" (=Kind on LVH VMs). Once it's been done - managed K8s. However, it doesn't mean that others cannot pick it meanwhile.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it. Might be worth creating an issue for that on this repository, just so we don't waste time when we start running this test on EKS in > 6months.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth creating an issue for that on this repository

Yep, I'm going to do in a bit.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for posterity - #1306.

@brb brb requested a review from pchaigno December 20, 2022 11:04
@brb
Copy link
Member Author

brb commented Dec 20, 2022

The CI with the changes passed - https://github.com/cilium/cilium/actions/runs/3739715885/jobs/6347256459.

@brb
Copy link
Member Author

brb commented Dec 20, 2022

Multicluster hit the infamous 1.1.1.1 flake.

@brb brb added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Dec 20, 2022
@gandro gandro merged commit 2fc0835 into master Dec 20, 2022
@gandro gandro deleted the pr/brb/fix-encrypt-iface branch December 20, 2022 13:54
@brb brb mentioned this pull request Dec 20, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pchaigno pchaigno pchaigno approved these changes

@joamaki joamaki joamaki approved these changes

Assignees
No one assigned
Labels
area/CI Continuous Integration testing issue or flake kind/bug Something isn't working ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@brb @joamaki @pchaigno @gandro