Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

connectivity: Fix iface derivation in encrypt tests #1304

Merged
merged 1 commit into from
Dec 20, 2022
Merged

connectivity: Fix iface derivation in encrypt tests #1304

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions connectivity/tests/encryption.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,8 +59,8 @@ func (s *podToPodEncryption) Run(ctx context.Context, t *check.Test) {
iface = "cilium_" + tunnelFeat.Mode // E.g. cilium_vxlan
} else {
cmd := []string{"/bin/sh", "-c",
fmt.Sprintf("ip -o r g %s from %s | grep -oP '(?<=dev )[^ ]+'",
server.Pod.Status.PodIP, client.Pod.Status.PodIP)}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did the tests pass?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the direct routing mode, "ip r g $DST_POD_IP from $SRC_POD_IP"
fails with "RTNETLINK answers: Network unreachable".

Do you know why? The revert means it may break on EKS.

Copy link
Member Author

@brb brb Dec 20, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did the tests pass?

The direct routing was never tested. However, it's going to change in cilium/cilium#22803.

Do you know why? The revert means it may break on EKS.

My initial thought was that the rp_filter is to blame, but setting it to 0 didn't resolve the issue. I haven't spent much time digging into, as for now my priority is to get many different DP configurations tested "on prem" (=Kind on LVH VMs). Once it's been done - managed K8s. However, it doesn't mean that others cannot pick it meanwhile.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it. Might be worth creating an issue for that on this repository, just so we don't waste time when we start running this test on EKS in > 6months.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth creating an issue for that on this repository

Yep, I'm going to do in a bit.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for posterity - #1306.

fmt.Sprintf("ip -o r g %s | grep -oE 'dev [^ ]*' | cut -d' ' -f2",
server.Pod.Status.PodIP)}
t.Debugf("Running %s", strings.Join(cmd, " "))
dev, err := clientHost.K8sClient.ExecInPod(ctx, clientHost.Pod.Namespace,
clientHost.Pod.Name, "", cmd)
Expand Down