connectivity: add basic egress gateway test #1555

jibi · 2023-04-28T12:13:38Z

This PR adds a first basic egress gateway test.
Given the cegp-sample CiliumEgressGatewayPolicy targeting:

a couple of client pods (kind=client) as source
the 0.0.0.0/0 destination CIDR
kind-worker2 as gateway node

the test simply ensures that traffic from both clients reaches the echo-external service with the egress IP of the gateway node

Signed-off-by: Gilberto Bertin <jibi@cilium.io>

add a new echo-external deployment for a JSON mock pod targeting all external nodes (i.e. nodes that are not running Cilium) Signed-off-by: Gilberto Bertin <jibi@cilium.io>

this commit adds a new method to the check package, WithCiliumEgressGatewayPolicy(), which can be used to apply one or more egress gateway policies in the context of a given test. The helper does not wait for the policies to be enforced so it will be up the individual tests to ensure that (i.e. BPF entries for the policy map are set). Signed-off-by: Gilberto Bertin <jibi@cilium.io>

brb

🍕 🚀

nebril

ci-structure bits LGTM

connectivity/manifests/egress-gateway-policy.yaml

This commit adds a first basic egress gateway test. Given the cegp-sample CiliumEgressGatewayPolicy targeting: - a couple of client pods (kind=client) as source - the 0.0.0.0/0 destination CIDR - kind-worker2 as gateway node the test simply ensures that traffic from both clients reaches the echo-external service with the egress IP of the gateway node. Signed-off-by: Gilberto Bertin <jibi@cilium.io>

Use the node that runs the client pod with the other=client label as egress gateway rather than hardcoding kind-worker2 Signed-off-by: Gilberto Bertin <jibi@cilium.io>

deploying the connectivity test twice on 2 different namespaces causes some issue for the echo-external pod, which uses the host network namespace and exposes a host port, so just reuse the same namespace for both tests. Relates: 3939c61 Signed-off-by: Gilberto Bertin <jibi@cilium.io>

jibi temporarily deployed to ci April 28, 2023 12:13 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from 0d25383 to 4e8b9ec Compare May 1, 2023 08:56

jibi temporarily deployed to ci May 1, 2023 08:56 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from 4e8b9ec to d6bebb2 Compare May 1, 2023 09:29

jibi temporarily deployed to ci May 1, 2023 09:29 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from d6bebb2 to f03b5e0 Compare May 1, 2023 10:11

jibi temporarily deployed to ci May 1, 2023 10:11 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from f03b5e0 to a008d6d Compare May 1, 2023 10:33

jibi temporarily deployed to ci May 1, 2023 10:33 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from a008d6d to d0b22f7 Compare May 2, 2023 09:08

jibi temporarily deployed to ci May 2, 2023 09:08 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from d0b22f7 to ba2f150 Compare May 2, 2023 09:14

jibi temporarily deployed to ci May 2, 2023 09:14 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from ba2f150 to 048420c Compare May 2, 2023 09:23

jibi temporarily deployed to ci May 2, 2023 09:23 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from 048420c to ee87948 Compare May 2, 2023 09:34

jibi temporarily deployed to ci May 2, 2023 09:34 — with GitHub Actions Inactive

jibi added 2 commits May 2, 2023 14:06

features: add support for probing the egress gateway feature

9585914

Signed-off-by: Gilberto Bertin <jibi@cilium.io>

connectivity: add echo-external deployment

264d300

add a new echo-external deployment for a JSON mock pod targeting all external nodes (i.e. nodes that are not running Cilium) Signed-off-by: Gilberto Bertin <jibi@cilium.io>

jibi force-pushed the pr/jibi/egressgw-tests branch from ee87948 to 44dff90 Compare May 2, 2023 12:51

jibi temporarily deployed to ci May 2, 2023 12:51 — with GitHub Actions Inactive

jibi changed the title ~~WIP: Add initial egress gateway tests~~ connectivity: add basic egress gateway test May 2, 2023

jibi added the area/CI Continuous Integration testing issue or flake label May 2, 2023

jibi force-pushed the pr/jibi/egressgw-tests branch from 44dff90 to 7cfdc17 Compare May 2, 2023 12:55

jibi had a problem deploying to ci May 2, 2023 12:55 — with GitHub Actions Error

jibi force-pushed the pr/jibi/egressgw-tests branch from 7cfdc17 to ea8c6b2 Compare May 2, 2023 12:57

jibi had a problem deploying to ci May 2, 2023 12:57 — with GitHub Actions Error

jibi force-pushed the pr/jibi/egressgw-tests branch from ea8c6b2 to 6ef2dc1 Compare May 2, 2023 12:58

jibi temporarily deployed to ci May 2, 2023 12:58 — with GitHub Actions Inactive

jibi requested a review from a team as a code owner May 4, 2023 07:20

jibi requested review from aanm and nebril May 4, 2023 07:20

jibi temporarily deployed to ci May 4, 2023 07:20 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from 243579e to 7f6e859 Compare May 4, 2023 07:47

jibi temporarily deployed to ci May 4, 2023 07:47 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from 7f6e859 to 0fbb1d9 Compare May 4, 2023 08:48

jibi temporarily deployed to ci May 4, 2023 08:48 — with GitHub Actions Inactive

jibi force-pushed the pr/jibi/egressgw-tests branch from 0fbb1d9 to e25c9dd Compare May 4, 2023 09:29

jibi temporarily deployed to ci May 4, 2023 09:29 — with GitHub Actions Inactive

jibi requested review from brb and removed request for a team and rolinh May 4, 2023 09:29

brb approved these changes May 4, 2023

View reviewed changes

nebril approved these changes May 4, 2023

View reviewed changes

tklauser self-requested a review May 5, 2023 09:28

jibi removed request for youngnick and joamaki May 5, 2023 09:31

tklauser approved these changes May 5, 2023

View reviewed changes

aanm requested changes May 5, 2023

View reviewed changes

connectivity/manifests/egress-gateway-policy.yaml Outdated Show resolved Hide resolved

jibi added 3 commits May 5, 2023 12:39

connectivity: derive egress gateway node name instead of hardcoding it

706a58e

Use the node that runs the client pod with the other=client label as egress gateway rather than hardcoding kind-worker2 Signed-off-by: Gilberto Bertin <jibi@cilium.io>

jibi force-pushed the pr/jibi/egressgw-tests branch from e25c9dd to af55b73 Compare May 5, 2023 10:43

jibi temporarily deployed to ci May 5, 2023 10:43 — with GitHub Actions Inactive

jibi requested a review from aanm May 5, 2023 10:44

aanm approved these changes May 5, 2023

View reviewed changes

jibi merged commit a1ad5a3 into main May 5, 2023
14 checks passed

jibi deleted the pr/jibi/egressgw-tests branch May 5, 2023 11:27

jibi mentioned this pull request May 9, 2023

Move K8sDatapathEgressGatewayTest tests to cilium-cli's connectivity tests running on ci-datapath cilium/cilium#24151

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

connectivity: add basic egress gateway test #1555

connectivity: add basic egress gateway test #1555

jibi commented Apr 28, 2023 •

edited

brb left a comment

nebril left a comment

connectivity: add basic egress gateway test #1555

connectivity: add basic egress gateway test #1555

Conversation

jibi commented Apr 28, 2023 • edited

brb left a comment

Choose a reason for hiding this comment

nebril left a comment

Choose a reason for hiding this comment

jibi commented Apr 28, 2023 •

edited