kind: Configure external targets inside the cluster #1846

Merged
merged 3 commits into from
Jul 20, 2023

@michi-covalent michi-covalent commented Jul 18, 2023

3 commits:

michi-covalent commented Jul 18, 2023

to test locally:

```bash
kind delete clusters chart-testing
kind create cluster --config .github/kind-config.yaml

export worker2_ip=$(kubectl get nodes chart-testing-worker2 -o=jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}')
export worker3_ip=$(kubectl get nodes chart-testing-worker3 -o=jsonpath='{.status.addresses[?(@.type=="InternalIP")].address}')

cilium install \
  --nodes-without-cilium chart-testing-worker2,chart-testing-worker3 \
  --wait=false \
  --helm-set bpf.monitorAggregation=none \
  --helm-set cni.chainingMode=portmap \
  --helm-set loadBalancer.l7.backend=envoy \
  --helm-set tls.secretsBackend=k8s

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.12.0/cert-manager.yaml
kubectl create ns external-targets
cat .github/external-targets/certs.yaml | envsubst | kubectl apply -n external-targets -f -
kubectl apply -n external-targets -f ./.github/external-targets/nginx.yaml
./cilium connectivity test --all-flows --test-namespace test-namespace --curl-insecure \
  --external-target chart-testing-worker2 \
  --external-target-ca-namespace=external-targets \
  --external-target-ca-name=ca \
  --external-cidr 172.18.0.0/16 \
  --external-ip ${worker2_ip} \
  --external-other-ip ${worker3_ip} \
  --test client-egress-l7-tls-headers
```

Add --external-target-ca-{name,namespace} flags to "connectivity test"
command to specify the external target CA for client-egress-l7-tls test
cases.

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
Ignore "Unable to find identity of previously used CIDR" error message.
Cilium versions 1.13 and older log this error message when the CIDR range
specified with --external-cidr flag overlaps with the node IP range. See
cilium/cilium#26881 for additional details.

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
There are 2 nodes without Cilium installed in this configuration. Use
these nodes as the external targets for both DNS and CIDR-based test
cases to avoid depending on external services like one.one.one.one.

Ref: #1720

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
@michi-covalent michi-covalent changed the title Pr/michi/final external target kind: Configure external targets inside the cluster Jul 18, 2023
@michi-covalent michi-covalent marked this pull request as ready for review July 18, 2023 22:49
@michi-covalent michi-covalent requested review from a team as code owners July 18, 2023 22:49

alright i'm shipping this.

@michi-covalent michi-covalent merged commit e1b5432 into main Jul 20, 2023
19 checks passed
@michi-covalent michi-covalent deleted the pr/michi/final-external-target branch July 20, 2023 21:10
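
The second commit in this pull request ignores an error that Cilium 1.13 and older log when the `--external-cidr` range overlaps the node IP range. As an added example (not code from this pull request), this POSIX shell helper reports which node IPs fall inside a given CIDR, so the log line can be anticipated before a run; the function names are hypothetical and the sample node addresses are constructed.

```bash
#!/bin/sh
# Added example: list node IPs that lie inside the --external-cidr range.
# Function names are hypothetical; the sample addresses below are constructed.

# ip_to_int A.B.C.D -> prints the address as an integer; fails on bad input.
ip_to_int() (
  case "$1" in *[!0-9.]*|*..*|.*|*.|'') exit 1 ;; esac
  IFS=.; set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    case "$octet" in 0?*) exit 1 ;; esac          # no leading zeros (octal)
    [ "$octet" -le 255 ] 2>/dev/null || exit 1
  done
  echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# cidr_contains CIDR IP -> exit 0 if IP is inside CIDR, 1 if not, 2 on bad input.
cidr_contains() (
  case "$1" in */*) ;; *) exit 2 ;; esac
  bits=${1#*/}
  case "$bits" in ''|*[!0-9]*|0?*) exit 2 ;; esac
  [ "$bits" -le 32 ] 2>/dev/null || exit 2
  net=$(ip_to_int "${1%/*}") || exit 2
  addr=$(ip_to_int "$2") || exit 2
  if [ "$bits" -eq 0 ]; then
    mask=0                                         # /0 matches every address
  else
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  fi
  [ "$(( net & mask ))" -eq "$(( addr & mask ))" ]
)

# overlapping_nodes CIDR IP... -> prints each IP that lies inside CIDR.
overlapping_nodes() (
  cidr=$1; shift
  for ip in "$@"; do
    rc=0
    cidr_contains "$cidr" "$ip" || rc=$?
    case "$rc" in
      0) echo "$ip" ;;
      1) ;;
      *) echo "invalid input: $cidr $ip" >&2; exit 2 ;;
    esac
  done
)

# Constructed sample: two addresses on the 172.18.0.0/16 network, one outside.
overlapping_nodes 172.18.0.0/16 172.18.0.3 172.18.0.4 10.0.0.1
```

With the variables from the local test procedure, the call would be `overlapping_nodes 172.18.0.0/16 "$worker2_ip" "$worker3_ip"`.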