-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
connectivity: Automatically install IP routes on nodes w/o Cilium for from CIDR tests AND get rid of --datapath #1579
Conversation
4f5c2a8
to
28324be
Compare
a610468
to
efd74a7
Compare
We need to install extneral CIDR routes for the encryption tests, as the previous ones are deleted by "kind delete cluster". The boilerplate will go away once cilium/cilium-cli#1579 has been merged. Signed-off-by: Martynas Pumputis <[email protected]>
d65f42b
to
3cb290c
Compare
3cb290c
to
d59a51f
Compare
d59a51f
to
907dfb0
Compare
0d44369
to
c25eeb0
Compare
c25eeb0
to
f7446e4
Compare
f7446e4
to
ccfeae5
Compare
ccfeae5
to
e67f7c6
Compare
a648e31
to
8d91077
Compare
8d91077
to
2f020a4
Compare
Successful CI run - cilium/cilium#25638. The Go linter failure is a red-herring. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
Last commit could be squashed with the first?
This commit splits the host-netns deamonset into two - one which runs on nodes which runs Cilium ("host-netns"), and one which runs on non-Cilium test nodes selected with "--nodes-without-cilium" ("host-netns-non-cilium"). This is required, so that we grant NET_ADMIN only to the latter. Signed-off-by: Martynas Pumputis <[email protected]>
2f020a4
to
f91c327
Compare
I've tried squashing it, but hit many merge conflicts. Anyway, I think having two separate commits gives a good understanding to a reader about our preference for granting permissions in a fine-grained manner. |
Got majority of ACKs. All CI has passed. Merging to unblock other PRs. |
This allows us to drop the external-from-cidrs detection, and also drop the "--datapath" connectivity test, as it was merged into the main connectivity suite. Both were done in [1]. [1]: cilium/cilium-cli#1579 Signed-off-by: Martynas Pumputis <[email protected]>
[1] has fixed skipping some tests which previously was failing on v1.13. [1]: cilium/cilium-cli#1579 Signed-off-by: Martynas Pumputis <[email protected]>
This allows us to drop the external-from-cidrs detection, and also drop the "--datapath" connectivity test, as it was merged into the main connectivity suite. Both were done in [1]. [1]: cilium/cilium-cli#1579 Signed-off-by: Martynas Pumputis <[email protected]>
[1] has fixed skipping some tests which previously was failing on v1.13. [1]: cilium/cilium-cli#1579 Signed-off-by: Martynas Pumputis <[email protected]>
This PR introduces a few changes:
--datapath
, and introduces--include-unsafe-tests
. The formal removal required a few changes to the flow validation and skipping some tests to make it pass on some GHA workflows.Please review it per commit.
Successful run - cilium/cilium#25510.